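# Helm template: StatefulSet running the application container next to a
# mysql-router sidecar. Per-environment settings are selected by .Values.env:
# "prod", "prod-dr" and "st" are matched explicitly, and any other value falls
# through to the dev settings.
#
# Templated string scalars (labels, env values, paths) are piped through
# `quote` so that number-, boolean- or URL-looking values still render as
# YAML strings, which is what the Kubernetes API expects for those fields.
#
# NOTE(review): apps/v1beta1 was removed in Kubernetes 1.16. Migrating to
# apps/v1 also needs the `strategy` and `nodePort` fields below revisited;
# confirm the target cluster version before changing it.
# NOTE(review): no spec.serviceName is set here; confirm whether a governing
# headless Service is expected for this StatefulSet.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: {{ .Values.appName }}-{{ .Values.env }}
  namespace: {{ .Values.namespace }}
  labels:
    app: {{ .Values.appName }}
    version: {{ .Values.version | quote }}
spec:
  revisionHistoryLimit: 1
  minReadySeconds: 10
  # NOTE(review): `strategy` with maxSurge/maxUnavailable is the Deployment
  # form; a StatefulSet reads `updateStrategy`, so this stanza is probably
  # ignored or rejected depending on validation. Confirm the intent.
  strategy:
    # indicate which strategy we want for rolling update
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 3
      maxUnavailable: 1
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Values.appName }}
      version: {{ .Values.version | quote }}
  template:
    metadata:
      labels:
        app: {{ .Values.appName }}
        version: {{ .Values.version | quote }}
    spec:
      # `serviceAccountName` replaces the deprecated `serviceAccount` alias.
      # NOTE(review): the pod runs as the namespace's default service account
      # and automountServiceAccountToken is not set, so its API token is
      # mounted into both containers. A dedicated least-privilege account
      # would limit what a compromised container can reach.
      # NOTE(review): neither the pod nor its containers set a
      # securityContext (runAsNonRoot, readOnlyRootFilesystem, dropped
      # capabilities); confirm what the images need and restrict accordingly.
      serviceAccountName: default
      volumes:
        # NOTE(review): this volume is declared but no container in this
        # template mounts it.
        - name: {{ .Values.appName }}-aaf-volume
          secret:
            secretName: {{ .Values.sharedSecret }}
        # The secret volumes below are `optional: true`: the pod still starts
        # when the Secret or key is missing, with the file simply absent.
        - name: {{ .Values.appName }}-keyfile-volume
          secret:
            secretName: {{ .Values.sharedSecret }}
            optional: true
            items:
              - key: cadi_keyfile
                path: keyfile
        - name: {{ .Values.appName }}-cert-volume
          secret:
            secretName: {{ .Values.sharedCert }}
            optional: true
            items:
              - key: PKCS12_CERT
                {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
                path: {{ .Values.cert.prod.name | quote }}
                {{- else if eq .Values.env "st" }}
                path: {{ .Values.cert.st.name | quote }}
                {{- else }}
                path: {{ .Values.cert.dev.name | quote }}
                {{- end }}
              - key: private_key
                path: {{ .Values.Secret.privateKey.name | quote }}
        - name: {{ .Values.appName }}-config-volume
          configMap:
            name: {{ .Values.appName }}-config
            items:
              - key: router_config
                path: config.ini
        # The logging PVC exists everywhere except "st" and "prod-dr".
        {{- if not (or (eq .Values.env "st") (eq .Values.env "prod-dr")) }}
        - name: logging-pvc
          persistentVolumeClaim:
            {{- if eq .Values.env "prod" }}
            claimName: {{ .Values.pvc.prod | quote }}
            {{- else }}
            claimName: {{ .Values.pvc.dev | quote }}
            {{- end }}
        {{- end }}
      containers:
        # NOTE(review): with imagePullPolicy Always, a mutable tag in the
        # image values can change what runs between restarts; pinning the
        # images by digest keeps the deployed content reproducible.
        - name: mysql-router
          image: {{ .Values.otf.camunda.router.image }}
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: {{ .Values.otf.camunda.router.port }}
              protocol: TCP
          {{- if eq .Values.env "st" }}
          resources:
            limits:
              memory: "1Gi"
              cpu: "500m"
            requests:
              memory: "512Mi"
              cpu: "100m"
          {{- else }}
          resources:
            limits:
              memory: "4Gi"
              cpu: "2"
            requests:
              memory: "2Gi"
              cpu: "1"
          {{- end }}
          args: ["--config=/opt/config/config.ini"]
          lifecycle:
            preStop:
              exec:
                # Renders as "sleep N" with N = terminationGracePeriodSeconds,
                # keeping the router up while the application shuts down.
                # NOTE(review): the preStop hook counts against the grace
                # period, so sleeping for all of it leaves the router no time
                # to handle SIGTERM before it is killed. Confirm that is
                # intended.
                command: ["/bin/sh", "-c", {{ "sleep 0" | replace "0" (.Values.terminationGracePeriodSeconds | toString) | quote }}]
          volumeMounts:
            - name: {{ .Values.appName }}-config-volume
              mountPath: /opt/config
        - name: {{ .Values.appName }}
          image: {{ .Values.image }}
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: {{ .Values.otf.camunda.tcu.port }}
              # NOTE(review): `nodePort` is a Service port field, not a
              # container port field; it has no effect here or fails
              # validation. Confirm whether a Service defines it instead.
              nodePort: {{ .Values.nodePort }}
              protocol: TCP
          {{- if eq .Values.env "st" }}
          resources:
            limits:
              memory: "6Gi"
              cpu: "2.8"
            requests:
              memory: "2Gi"
              cpu: "1.5"
          {{- else }}
          resources:
            limits:
              memory: "10Gi"
              cpu: "6"
            requests:
              memory: "4Gi"
              cpu: "2"
          {{- end }}
          # Credentials come from Secrets via secretKeyRef. Every reference is
          # `optional: true`, so a missing Secret or key leaves the variable
          # unset instead of blocking startup.
          # NOTE(review): confirm the application refuses to start, rather
          # than falling back to defaults, when a credential is absent.
          env:
            - name: ENV
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: "production"
              {{- else if eq .Values.env "st" }}
              value: "system_test"
              {{- else }}
              value: "development"
              {{- end }}
            - name: NAMESPACE
              value: {{ .Values.namespace | quote }}
            - name: APP_NAME
              value: {{ .Values.appName | quote }}
            - name: EXECUTORS_ACTIVE
              {{- if eq .Values.env "prod" }}
              value: {{ .Values.otf.camunda.executors_active.prod | quote }}
              {{- else if eq .Values.env "prod-dr" }}
              value: {{ .Values.otf.camunda.executors_active.prod_dr | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.otf.camunda.executors_active.st | quote }}
              {{- else }}
              value: {{ .Values.otf.camunda.executors_active.dev | quote }}
              {{- end }}
            - name: OTF_MONGO_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.appName }}
                  key: mongo_username
                  optional: true
            - name: OTF_MONGO_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.appName }}
                  key: mongo_password
                  optional: true
            - name: OTF_MONGO_HOSTS
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.otf.mongo.prod.host | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.otf.mongo.st.host | quote }}
              {{- else }}
              value: {{ .Values.otf.mongo.dev.host | quote }}
              {{- end }}
            - name: OTF_MONGO_REPLICASET
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.otf.mongo.prod.replicaSet | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.otf.mongo.st.replicaSet | quote }}
              {{- else }}
              value: {{ .Values.otf.mongo.dev.replicaSet | quote }}
              {{- end }}
            - name: OTF_MONGO_DATABASE
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.otf.mongo.prod.database | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.otf.mongo.st.database | quote }}
              {{- else }}
              value: {{ .Values.otf.mongo.dev.database | quote }}
              {{- end }}
            # NOTE(review): the URL is rendered into the manifest in clear
            # text; make sure the values never embed credentials in it.
            - name: OTF_CAMUNDA_DB_URL
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.otf.camunda.db.prod.url | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.otf.camunda.db.st.url | quote }}
              {{- else }}
              value: {{ .Values.otf.camunda.db.dev.url | quote }}
              {{- end }}
            - name: OTF_CAMUNDA_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.appName }}
                  key: camunda_db_username
                  optional: true
            - name: OTF_CAMUNDA_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.appName }}
                  key: camunda_db_password
                  optional: true
            - name: AAF_PERM_TYPE
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.aafPermType.prod | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.aafPermType.st | quote }}
              {{- else }}
              value: {{ .Values.aafPermType.dev | quote }}
              {{- end }}
            - name: CADI_HOSTNAME
              {{- if eq .Values.env "prod" }}
              value: {{ .Values.cadiHostname.prod | quote }}
              {{- else if eq .Values.env "prod-dr" }}
              value: {{ .Values.cadiHostname.prod_dr | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.cadiHostname.st | quote }}
              {{- else }}
              value: {{ .Values.cadiHostname.dev | quote }}
              {{- end }}
            - name: AAF_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedSecret }}
                  key: aaf_id
                  optional: true
            - name: AAF_MECH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedSecret }}
                  key: aaf_mech_password
                  optional: true
            - name: AAF_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedSecret }}
                  key: aaf_password
                  optional: true
            - name: CADI_KEYFILE
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedSecret }}
                  key: keyfile_secret_path
                  optional: true
            - name: OTF_CERT_PATH
              {{- if or (eq .Values.env "prod") (eq .Values.env "prod-dr") }}
              value: {{ .Values.cert.prod.path | quote }}
              {{- else if eq .Values.env "st" }}
              value: {{ .Values.cert.st.path | quote }}
              {{- else }}
              value: {{ .Values.cert.dev.path | quote }}
              {{- end }}
            - name: OTF_CERT_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedCert }}
                  key: PKCS12_KEY
                  optional: true
            - name: APP_VERSION
              value: {{ .Values.version | quote }}
            # Path to the private key file, not the key material itself.
            - name: PRIVATE_KEY
              value: {{ .Values.Secret.privateKey.path | quote }}
            - name: PRIVATE_KEY_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedCert }}
                  key: private_key_username
                  optional: true
            - name: PRIVATE_KEY_PASSPHRASE
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sharedCert }}
                  key: private_key_passphrase
                  optional: true
          # NOTE(review): the secret mounts do not set readOnly; confirm the
          # application never needs to write under /opt/secret or /opt/cert.
          volumeMounts:
            - name: {{ .Values.appName }}-keyfile-volume
              mountPath: /opt/secret
            - name: {{ .Values.appName }}-cert-volume
              mountPath: /opt/cert
            # Same environment gate as the logging-pvc volume above.
            {{- if not (or (eq .Values.env "st") (eq .Values.env "prod-dr")) }}
            - name: logging-pvc
              mountPath: "/otf/logs"
            {{- end }}
          # Both probes call the same HTTPS health endpoint and differ only in
          # the X-Custom-Header value.
          livenessProbe:
            httpGet:
              path: /otf/health/v1
              port: http
              scheme: HTTPS
              httpHeaders:
                - name: X-Custom-Header
                  value: Alive
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /otf/health/v1
              port: http
              scheme: HTTPS
              httpHeaders:
                - name: X-Custom-Header
                  value: Ready
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 30
      restartPolicy: Always
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}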