Code Review / it / otf.git / blob
? search:


113ea64a9eeb2054d7af160087a0841681ebd4a9
[it/otf.git] / otf-camunda / helm / otf-camunda / templates / deployment.yaml
1 apiVersion: apps/v1\r
2 kind: StatefulSet\r
3 metadata:\r
4   name: {{ .Values.appName}}-{{ .Values.env }}\r
5   namespace: {{.Values.namespace}}\r
6   labels:\r
7     app: {{ .Values.appName}}\r
8     version: {{.Values.version}}\r
9 spec:\r
10   revisionHistoryLimit: 1\r
11   #minReadySeconds: 10\r
12   #strategy:\r
13   # indicate which strategy we want for rolling update\r
14   #  type: RollingUpdate\r
15   #  rollingUpdate:\r
16   #    maxSurge: 3\r
17   #    maxUnavailable: 1\r
18   #serviceName: camundaServiceName\r
19   serviceName: camunda-service-name\r
20   replicas: {{ .Values.replicas}}\r
21   selector:\r
22     matchLabels:\r
23       app: {{ .Values.appName}}\r
24       version: {{.Values.version}}\r
25   template:\r
26     metadata:\r
27       labels:\r
28         app: {{ .Values.appName}}\r
29         version: {{.Values.version}}\r
30     spec:\r
31       {{ if .Values.pullSecret }}\r
32       imagePullSecrets:\r
33         - name: {{ .Values.pullSecret }}\r
34       {{ end }}\r
35       serviceAccount: default\r
36       volumes:\r
37       - name: {{ .Values.appName}}-aaf-volume\r
38         secret:\r
39           secretName: {{.Values.sharedSecret}}\r
40           optional: true\r
41       - name: {{ .Values.appName}}-keyfile-volume\r
42         secret:\r
43           secretName: {{.Values.sharedSecret}}\r
44           optional: true\r
45           items:\r
46           - key: cadi_keyfile\r
47             path: keyfile\r
48       - name: {{ .Values.appName}}-cert-volume\r
49         secret:\r
50           secretName: {{.Values.sharedCert}}\r
51           optional: true\r
52           items:\r
53           - key: PKCS12_CERT\r
54             {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
55             path: {{ .Values.cert.prod.name | quote }}\r
56             {{ else if eq  .Values.env "st" }}\r
57             path: {{ .Values.cert.st.name | quote }}\r
58             {{ else }}\r
59             path: {{ .Values.cert.dev.name | quote }}\r
60             {{ end }}\r
61           - key: private_key\r
62             path: {{ .Values.Secret.privateKey.name }}\r
63 #      - name: {{.Values.appName}}-config-volume\r
64 #        configMap:\r
65 #          name: {{.Values.appName}}-config\r
66 #          items:\r
67 #          - key: router_config\r
68 #            path: config.ini\r
69       {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}}\r
70       {{else}}\r
71       #- name: logging-pvc\r
72       #  persistentVolumeClaim:\r
73       #    {{if eq .Values.env "prod"}}\r
74       #    claimName: {{ .Values.pvc.prod | quote }}\r
75       #    {{ else }}\r
76       #    claimName: {{ .Values.pvc.dev | quote }}\r
77       #    {{ end }}\r
78       {{end}}\r
79       containers:\r
80 #      - name: mysql-router\r
81 #        image: {{ .Values.otf.camunda.router.image }}\r
82 #        imagePullPolicy: Always\r
83 #        ports:\r
84 #        - name: http\r
85 #          containerPort: {{ .Values.otf.camunda.router.port }}\r
86 #          protocol: TCP\r
87         #{{ if eq .Values.env "st"}}\r
88         #resources:\r
89         #  limits:\r
90         #    memory: "1Gi"\r
91         #    cpu: "500m"\r
92         #  requests:\r
93         #    memory: "512Mi"\r
94         #    cpu: "100m"\r
95         #{{else}}\r
96         #resources:\r
97         #  limits:\r
98         #    memory: "1Gi"\r
99         #    cpu: "500m"\r
100         #  requests:\r
101         #    memory: "512Mi"\r
102         #    cpu: "100m"\r
103         #{{end}}\r
104 #        args: ["--config=/opt/config/config.ini"]\r
105 #        lifecycle:\r
106 #          preStop:\r
107 #            exec:\r
108 #              command: ["/bin/sh", "-c", {{ "sleep 0" | replace "0" (.Values.terminationGracePeriodSeconds | toString) | quote}} ]\r
109         #volumeMounts:\r
110         #- name: {{.Values.appName}}-config-volume\r
111         #  mountPath: /opt/config\r
112       - name: {{ .Values.appName}}\r
113         image: {{ .Values.image}}\r
114         imagePullPolicy: Always\r
115         ports:\r
116         - name: http\r
117           containerPort: {{ .Values.otf.camunda.tcu.port }}\r
118           #nodePort: {{.Values.nodePort}}\r
119           protocol: TCP\r
120         #{{ if eq .Values.env "st"}}\r
121         #resources:\r
122         #  limits:\r
123         #    memory: "6Gi"\r
124         #    cpu: "2.8"\r
125         #  requests:\r
126         #    memory: "2Gi"\r
127         #    cpu: "1.5"\r
128         #{{else}}\r
129         #resources:\r
130         #  limits:\r
131         #    memory: "10Gi"\r
132         #    cpu: "6"\r
133         #  requests:\r
134         #    memory: "4Gi"\r
135         #    cpu: "2"\r
136         #{{end}}\r
137         env:\r
138         - name: ENV\r
139           {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
140           value: "production"\r
141           {{ else if eq .Values.env "st" }}\r
142           value: "system_test"\r
143           {{ else }}\r
144           value: "development"\r
145           {{ end }}\r
146         - name: NAMESPACE\r
147           value: {{.Values.namespace}}\r
148         - name: APP_NAME\r
149           value: {{ .Values.appName}}\r
150         - name: EXECUTORS_ACTIVE\r
151           {{if eq .Values.env "prod"}}\r
152           value: {{ .Values.otf.camunda.executors_active.prod | quote }}\r
153           {{else if eq .Values.env "prod-dr"}}\r
154           value: {{ .Values.otf.camunda.executors_active.prod_dr | quote }}\r
155           {{else if  eq .Values.env "st"}}\r
156           value: {{ .Values.otf.camunda.executors_active.st | quote }}\r
157           {{ else }}\r
158           value: {{ .Values.otf.camunda.executors_active.dev | quote }}\r
159           {{ end }}\r
160         - name: OTF_MONGO_USERNAME\r
161           valueFrom:\r
162             secretKeyRef:\r
163               name: {{ .Values.one_click.mongo.secret_name}}\r
164               key: mongodb-username\r
165               optional: false\r
166           #valueFrom:\r
167           #  secretKeyRef:\r
168           #    name: {{ .Values.appName}}\r
169           #    key: mongo_username\r
170           #    optional: true\r
171         - name: OTF_MONGO_PASSWORD\r
172           valueFrom:\r
173             secretKeyRef:\r
174               name: {{ .Values.one_click.mongo.secret_name}}\r
175               key: mongodb-password\r
176               optional: false\r
177           #valueFrom:\r
178           #  secretKeyRef:\r
179           #    name: {{ .Values.appName}}\r
180           #    key: mongo_password\r
181           #    optional: true\r
182         - name: OTF_MONGO_HOSTS\r
183           value: {{ .Values.one_click.mongo.ip | quote }}\r
184           # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
185           # value: {{ .Values.otf.mongo.prod.host | quote }}\r
186           # {{ else if eq  .Values.env "st" }}\r
187           # value: {{ .Values.otf.mongo.st.host | quote }}\r
188           # {{ else }}\r
189           # value: {{.Values.otf.mongo.dev.host | quote }}\r
190           # {{ end }}\r
191         - name: OTF_MONGO_REPLICASET\r
192           #value: {{ .Values.one_click.mongo.replicaset | quote }}\r
193           valueFrom:\r
194             secretKeyRef:\r
195               name: {{ .Values.one_click.mongo.secret_name}}\r
196               key: mongodb-replicaSet\r
197               optional: false\r
198           # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
199           # value: {{ .Values.otf.mongo.prod.replicaSet | quote }}\r
200           # {{ else if eq .Values.env "st"}}\r
201           # value: {{ .Values.otf.mongo.st.replicaSet | quote }}\r
202           # {{ else }}\r
203           # value: {{ .Values.otf.mongo.dev.replicaSet | quote }}\r
204           # {{ end }}\r
205         - name: OTF_MONGO_DATABASE\r
206           #value: {{ .Values.one_click.mongo.database | quote }}\r
207           valueFrom:\r
208             secretKeyRef:\r
209               name: {{ .Values.one_click.mongo.secret_name}}\r
210               key: mongodb-database\r
211               optional: false\r
212           # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
213           # value: {{ .Values.otf.mongo.prod.database | quote }}\r
214           # {{else if  eq .Values.env "st"}}\r
215           # value: {{ .Values.otf.mongo.st.database | quote }}\r
216           # {{ else }}\r
217           # value: {{ .Values.otf.mongo.dev.database | quote }}\r
218           # {{ end }}\r
219         - name: OTF_CAMUNDA_DB_URL\r
220           #{{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
221           #value: {{ .Values.otf.camunda.db.prod.url}}\r
222           #{{else if  eq .Values.env "st"}}\r
223           #value: {{ .Values.otf.camunda.db.st.url}}\r
224           #{{ else }}\r
225           #value: {{ .Values.otf.camunda.db.dev.url}}\r
226           #{{ end }}\r
227           value: {{ .Values.one_click.mysql.ip | quote }}\r
228         - name: OTF_CAMUNDA_DB_USERNAME\r
229           #value: {{ .Values.otf.camunda.db.username}}\r
230           valueFrom:\r
231             secretKeyRef:\r
232               name: {{ .Values.one_click.mysql.secret_name}}\r
233               key: mysql-username\r
234               optional: false\r
235           #valueFrom:\r
236           #  secretKeyRef:\r
237           #    name: {{ .Values.appName}}\r
238           #    key: camunda_db_username\r
239           #    optional: true\r
240         - name: OTF_CAMUNDA_DB_PASSWORD\r
241           #value: {{ .Values.otf.camunda.db.password}}\r
242           valueFrom:\r
243             secretKeyRef:\r
244               name: {{ .Values.one_click.mysql.secret_name}}\r
245               key: mysql-password\r
246               optional: false\r
247           #valueFrom:\r
248           #  secretKeyRef:\r
249           #    name: {{ .Values.appName}}\r
250           #    key: camunda_db_password\r
251           #    optional: true\r
252         - name: AAF_PERM_TYPE\r
253           {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
254           value: {{ .Values.aafPermType.prod | quote }}\r
255           {{ else if  eq .Values.env "st"}}\r
256           value: {{ .Values.aafPermType.st | quote }}\r
257           {{ else }}\r
258           value: {{ .Values.aafPermType.dev | quote }}\r
259           {{ end }}\r
260         - name: CADI_HOSTNAME\r
261           {{if eq .Values.env "prod"}}\r
262           value: {{ .Values.cadiHostname.prod | quote }}\r
263           {{else if eq .Values.env "prod-dr"}}\r
264           value: {{ .Values.cadiHostname.prod_dr | quote }}\r
265           {{else if  eq .Values.env "st"}}\r
266           value: {{ .Values.cadiHostname.st | quote }}\r
267           {{ else }}\r
268           value: {{ .Values.cadiHostname.dev | quote }}\r
269           {{ end }}\r
270         - name: AAF_ID\r
271           valueFrom:\r
272             secretKeyRef:\r
273               name: {{ .Values.sharedSecret}}\r
274               key: aaf_id\r
275               optional: true\r
276         - name: AAF_MECH_PASSWORD\r
277           valueFrom:\r
278             secretKeyRef:\r
279               name: {{ .Values.sharedSecret}}\r
280               key: aaf_mech_password\r
281               optional: true\r
282         - name: AAF_PASSWORD\r
283           valueFrom:\r
284             secretKeyRef:\r
285               name: {{ .Values.sharedSecret}}\r
286               key: aaf_password\r
287               optional: true\r
288         - name: CADI_KEYFILE\r
289           valueFrom:\r
290             secretKeyRef:\r
291               name: {{ .Values.sharedSecret}}\r
292               key: keyfile_secret_path\r
293               optional: true\r
294         - name: OTF_CERT_PATH\r
295           {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
296           value: {{ .Values.cert.prod.path | quote }}\r
297           {{ else if eq  .Values.env "st" }}\r
298           value: {{ .Values.cert.st.path | quote }}\r
299           {{ else }}\r
300           value: {{ .Values.cert.dev.path | quote }}\r
301           {{ end }}\r
302         - name: OTF_CERT_PASS\r
303           valueFrom:\r
304             secretKeyRef:\r
305               name: {{ .Values.sharedCert}}\r
306               key: PKCS12_KEY\r
307               optional: true\r
308         - name: APP_VERSION\r
309           value: {{.Values.version}}\r
310         - name: PRIVATE_KEY\r
311           value: {{ .Values.Secret.privateKey.path }}\r
312         - name: PRIVATE_KEY_USERNAME\r
313           valueFrom:\r
314             secretKeyRef:\r
315               name: {{.Values.sharedCert}}\r
316               key: private_key_username\r
317               optional: true\r
318         - name: PRIVATE_KEY_PASSPHRASE\r
319           valueFrom:\r
320             secretKeyRef:\r
321               name: {{.Values.sharedCert}}\r
322               key: private_key_passphrase\r
323               optional: true\r
324         volumeMounts:\r
325         - name: {{.Values.appName}}-keyfile-volume\r
326           mountPath: /opt/secret\r
327         - name: {{.Values.appName}}-cert-volume\r
328           mountPath: /opt/cert\r
329         {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}}\r
330         {{else}}\r
331         #- name: logging-pvc\r
332         #  mountPath: "/otf/logs"\r
333         {{end}}   \r
334         livenessProbe:\r
335           httpGet:\r
336             path: /otf/health/v1\r
337             port: http\r
338             scheme: HTTP\r
339             httpHeaders:\r
340             - name: X-Custom-Header\r
341               value: Alive\r
342           initialDelaySeconds: 30\r
343           timeoutSeconds: 30\r
344           periodSeconds: 30\r
345         readinessProbe:\r
346           httpGet:\r
347             path: /otf/health/v1\r
348             port: http\r
349             scheme: HTTP\r
350             httpHeaders:\r
351             - name: X-Custom-Header\r
352               value: Ready\r
353           initialDelaySeconds: 30\r
354           timeoutSeconds: 30\r
355           periodSeconds: 30\r
356       restartPolicy: Always\r
357       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds}}\r