apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ .Values.appName}}-{{ .Values.env }} namespace: {{.Values.namespace}} labels: app: {{ .Values.appName}} version: {{.Values.version}} spec: revisionHistoryLimit: 1 #minReadySeconds: 10 #strategy: # indicate which strategy we want for rolling update # type: RollingUpdate # rollingUpdate: # maxSurge: 3 # maxUnavailable: 1 #serviceName: camundaServiceName serviceName: camunda-service-name replicas: {{ .Values.replicas}} selector: matchLabels: app: {{ .Values.appName}} version: {{.Values.version}} template: metadata: labels: app: {{ .Values.appName}} version: {{.Values.version}} spec: {{ if .Values.pullSecret }} imagePullSecrets: - name: {{ .Values.pullSecret }} {{ end }} serviceAccount: default volumes: - name: {{ .Values.appName}}-aaf-volume secret: secretName: {{.Values.sharedSecret}} optional: true - name: {{ .Values.appName}}-keyfile-volume secret: secretName: {{.Values.sharedSecret}} optional: true items: - key: cadi_keyfile path: keyfile - name: {{ .Values.appName}}-cert-volume secret: secretName: {{.Values.sharedCert}} optional: true items: - key: PKCS12_CERT {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} path: {{ .Values.cert.prod.name | quote }} {{ else if eq .Values.env "st" }} path: {{ .Values.cert.st.name | quote }} {{ else }} path: {{ .Values.cert.dev.name | quote }} {{ end }} - key: private_key path: {{ .Values.Secret.privateKey.name }} # - name: {{.Values.appName}}-config-volume # configMap: # name: {{.Values.appName}}-config # items: # - key: router_config # path: config.ini {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}} {{else}} #- name: logging-pvc # persistentVolumeClaim: # {{if eq .Values.env "prod"}} # claimName: {{ .Values.pvc.prod | quote }} # {{ else }} # claimName: {{ .Values.pvc.dev | quote }} # {{ end }} {{end}} containers: # - name: mysql-router # image: {{ .Values.otf.camunda.router.image }} # imagePullPolicy: Always # ports: # - name: http # containerPort: {{ .Values.otf.camunda.router.port }} # protocol: TCP #{{ if eq .Values.env "st"}} #resources: # limits: # memory: "1Gi" # cpu: "500m" # requests: # memory: "512Mi" # cpu: "100m" #{{else}} #resources: # limits: # memory: "1Gi" # cpu: "500m" # requests: # memory: "512Mi" # cpu: "100m" #{{end}} # args: ["--config=/opt/config/config.ini"] # lifecycle: # preStop: # exec: # command: ["/bin/sh", "-c", {{ "sleep 0" | replace "0" (.Values.terminationGracePeriodSeconds | toString) | quote}} ] #volumeMounts: #- name: {{.Values.appName}}-config-volume # mountPath: /opt/config - name: {{ .Values.appName}} image: {{ .Values.image}} imagePullPolicy: Always ports: - name: http containerPort: {{ .Values.otf.camunda.tcu.port }} #nodePort: {{.Values.nodePort}} protocol: TCP #{{ if eq .Values.env "st"}} #resources: # limits: # memory: "6Gi" # cpu: "2.8" # requests: # memory: "2Gi" # cpu: "1.5" #{{else}} #resources: # limits: # memory: "10Gi" # cpu: "6" # requests: # memory: "4Gi" # cpu: "2" #{{end}} env: - name: ENV {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} value: "production" {{ else if eq .Values.env "st" }} value: "system_test" {{ else }} value: "development" {{ end }} - name: NAMESPACE value: {{.Values.namespace}} - name: APP_NAME value: {{ .Values.appName}} - name: EXECUTORS_ACTIVE {{if eq .Values.env "prod"}} value: {{ .Values.otf.camunda.executors_active.prod | quote }} {{else if eq .Values.env "prod-dr"}} value: {{ .Values.otf.camunda.executors_active.prod_dr | quote }} {{else if eq .Values.env "st"}} value: {{ .Values.otf.camunda.executors_active.st | quote }} {{ else }} value: {{ .Values.otf.camunda.executors_active.dev | quote }} {{ end }} - name: OTF_MONGO_USERNAME valueFrom: secretKeyRef: name: {{ .Values.one_click.mongo.secret_name}} key: mongodb-username optional: false #valueFrom: # secretKeyRef: # name: {{ .Values.appName}} # key: mongo_username # optional: true - name: OTF_MONGO_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.one_click.mongo.secret_name}} key: mongodb-password optional: false #valueFrom: # secretKeyRef: # name: {{ .Values.appName}} # key: mongo_password # optional: true - name: OTF_MONGO_HOSTS value: {{ .Values.one_click.mongo.ip | quote }} # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} # value: {{ .Values.otf.mongo.prod.host | quote }} # {{ else if eq .Values.env "st" }} # value: {{ .Values.otf.mongo.st.host | quote }} # {{ else }} # value: {{.Values.otf.mongo.dev.host | quote }} # {{ end }} - name: OTF_MONGO_REPLICASET #value: {{ .Values.one_click.mongo.replicaset | quote }} valueFrom: secretKeyRef: name: {{ .Values.one_click.mongo.secret_name}} key: mongodb-replicaSet optional: false # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} # value: {{ .Values.otf.mongo.prod.replicaSet | quote }} # {{ else if eq .Values.env "st"}} # value: {{ .Values.otf.mongo.st.replicaSet | quote }} # {{ else }} # value: {{ .Values.otf.mongo.dev.replicaSet | quote }} # {{ end }} - name: OTF_MONGO_DATABASE #value: {{ .Values.one_click.mongo.database | quote }} valueFrom: secretKeyRef: name: {{ .Values.one_click.mongo.secret_name}} key: mongodb-database optional: false # {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} # value: {{ .Values.otf.mongo.prod.database | quote }} # {{else if eq .Values.env "st"}} # value: {{ .Values.otf.mongo.st.database | quote }} # {{ else }} # value: {{ .Values.otf.mongo.dev.database | quote }} # {{ end }} - name: OTF_CAMUNDA_DB_URL #{{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} #value: {{ .Values.otf.camunda.db.prod.url}} #{{else if eq .Values.env "st"}} #value: {{ .Values.otf.camunda.db.st.url}} #{{ else }} #value: {{ .Values.otf.camunda.db.dev.url}} #{{ end }} value: {{ .Values.one_click.mysql.ip | quote }} - name: OTF_CAMUNDA_DB_USERNAME #value: {{ .Values.otf.camunda.db.username}} valueFrom: secretKeyRef: name: {{ .Values.one_click.mysql.secret_name}} key: mysql-username optional: false #valueFrom: # secretKeyRef: # name: {{ .Values.appName}} # key: camunda_db_username # optional: true - name: OTF_CAMUNDA_DB_PASSWORD #value: {{ .Values.otf.camunda.db.password}} valueFrom: secretKeyRef: name: {{ .Values.one_click.mysql.secret_name}} key: mysql-password optional: false #valueFrom: # secretKeyRef: # name: {{ .Values.appName}} # key: camunda_db_password # optional: true - name: AAF_PERM_TYPE {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} value: {{ .Values.aafPermType.prod | quote }} {{ else if eq .Values.env "st"}} value: {{ .Values.aafPermType.st | quote }} {{ else }} value: {{ .Values.aafPermType.dev | quote }} {{ end }} - name: CADI_HOSTNAME {{if eq .Values.env "prod"}} value: {{ .Values.cadiHostname.prod | quote }} {{else if eq .Values.env "prod-dr"}} value: {{ .Values.cadiHostname.prod_dr | quote }} {{else if eq .Values.env "st"}} value: {{ .Values.cadiHostname.st | quote }} {{ else }} value: {{ .Values.cadiHostname.dev | quote }} {{ end }} - name: AAF_ID valueFrom: secretKeyRef: name: {{ .Values.sharedSecret}} key: aaf_id optional: true - name: AAF_MECH_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.sharedSecret}} key: aaf_mech_password optional: true - name: AAF_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.sharedSecret}} key: aaf_password optional: true - name: CADI_KEYFILE valueFrom: secretKeyRef: name: {{ .Values.sharedSecret}} key: keyfile_secret_path optional: true - name: OTF_CERT_PATH {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}} value: {{ .Values.cert.prod.path | quote }} {{ else if eq .Values.env "st" }} value: {{ .Values.cert.st.path | quote }} {{ else }} value: {{ .Values.cert.dev.path | quote }} {{ end }} - name: OTF_CERT_PASS valueFrom: secretKeyRef: name: {{ .Values.sharedCert}} key: PKCS12_KEY optional: true - name: APP_VERSION value: {{.Values.version}} - name: PRIVATE_KEY value: {{ .Values.Secret.privateKey.path }} - name: PRIVATE_KEY_USERNAME valueFrom: secretKeyRef: name: {{.Values.sharedCert}} key: private_key_username optional: true - name: PRIVATE_KEY_PASSPHRASE valueFrom: secretKeyRef: name: {{.Values.sharedCert}} key: private_key_passphrase optional: true volumeMounts: - name: {{.Values.appName}}-keyfile-volume mountPath: /opt/secret - name: {{.Values.appName}}-cert-volume mountPath: /opt/cert {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}} {{else}} #- name: logging-pvc # mountPath: "/otf/logs" {{end}} livenessProbe: httpGet: path: /otf/health/v1 port: http scheme: HTTP httpHeaders: - name: X-Custom-Header value: Alive initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 30 readinessProbe: httpGet: path: /otf/health/v1 port: http scheme: HTTP httpHeaders: - name: X-Custom-Header value: Ready initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 30 restartPolicy: Always terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds}}