--- /dev/null
+apiVersion: apps/v1beta1\r
+kind: StatefulSet\r
+metadata:\r
+ name: {{ .Values.appName}}-{{ .Values.env }}\r
+ namespace: {{.Values.namespace}}\r
+ labels:\r
+ app: {{ .Values.appName}}\r
+ version: {{.Values.version}}\r
+spec:\r
+ revisionHistoryLimit: 1\r
+ minReadySeconds: 10\r
+ strategy:\r
+ # indicate which strategy we want for rolling update\r
+ type: RollingUpdate\r
+ rollingUpdate:\r
+ maxSurge: 3\r
+ maxUnavailable: 1\r
+ replicas: {{ .Values.replicas}}\r
+ selector:\r
+ matchLabels:\r
+ app: {{ .Values.appName}}\r
+ version: {{.Values.version}}\r
+ template:\r
+ metadata:\r
+ labels:\r
+ app: {{ .Values.appName}}\r
+ version: {{.Values.version}}\r
+ spec:\r
+ serviceAccount: default\r
+ volumes:\r
+ - name: {{ .Values.appName}}-aaf-volume\r
+ secret:\r
+ secretName: {{.Values.sharedSecret}}\r
+ - name: {{ .Values.appName}}-keyfile-volume\r
+ secret:\r
+ secretName: {{.Values.sharedSecret}}\r
+ optional: true\r
+ items:\r
+ - key: cadi_keyfile\r
+ path: keyfile\r
+ - name: {{ .Values.appName}}-cert-volume\r
+ secret:\r
+ secretName: {{.Values.sharedCert}}\r
+ optional: true\r
+ items:\r
+ - key: PKCS12_CERT\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ path: {{ .Values.cert.prod.name | quote }}\r
+ {{ else if eq .Values.env "st" }}\r
+ path: {{ .Values.cert.st.name | quote }}\r
+ {{ else }}\r
+ path: {{ .Values.cert.dev.name | quote }}\r
+ {{ end }}\r
+ - key: private_key\r
+ path: {{ .Values.Secret.privateKey.name }}\r
+ - name: {{.Values.appName}}-config-volume\r
+ configMap:\r
+ name: {{.Values.appName}}-config\r
+ items:\r
+ - key: router_config\r
+ path: config.ini\r
+ {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}}\r
+ {{else}}\r
+ - name: logging-pvc\r
+ persistentVolumeClaim:\r
+ {{if eq .Values.env "prod"}}\r
+ claimName: {{ .Values.pvc.prod | quote }}\r
+ {{ else }}\r
+ claimName: {{ .Values.pvc.dev | quote }}\r
+ {{ end }}\r
+ {{end}}\r
+ containers:\r
+ - name: mysql-router\r
+ image: {{ .Values.otf.camunda.router.image }}\r
+ imagePullPolicy: Always\r
+ ports:\r
+ - name: http\r
+ containerPort: {{ .Values.otf.camunda.router.port }}\r
+ protocol: TCP\r
+ {{ if eq .Values.env "st"}}\r
+ resources:\r
+ limits:\r
+ memory: "1Gi"\r
+ cpu: "500m"\r
+ requests:\r
+ memory: "512Mi"\r
+ cpu: "100m"\r
+ {{else}}\r
+ resources:\r
+ limits:\r
+ memory: "4Gi"\r
+ cpu: "2"\r
+ requests:\r
+ memory: "2Gi"\r
+ cpu: "1"\r
+ {{end}}\r
+ args: ["--config=/opt/config/config.ini"]\r
+ lifecycle:\r
+ preStop:\r
+ exec:\r
+ command: ["/bin/sh", "-c", {{ "sleep 0" | replace "0" (.Values.terminationGracePeriodSeconds | toString) | quote}} ]\r
+ volumeMounts:\r
+ - name: {{.Values.appName}}-config-volume\r
+ mountPath: /opt/config\r
+ - name: {{ .Values.appName}}\r
+ image: {{ .Values.image}}\r
+ imagePullPolicy: Always\r
+ ports:\r
+ - name: http\r
+ containerPort: {{ .Values.otf.camunda.tcu.port }}\r
+ nodePort: {{.Values.nodePort}}\r
+ protocol: TCP\r
+ {{ if eq .Values.env "st"}}\r
+ resources:\r
+ limits:\r
+ memory: "6Gi"\r
+ cpu: "2.8"\r
+ requests:\r
+ memory: "2Gi"\r
+ cpu: "1.5"\r
+ {{else}}\r
+ resources:\r
+ limits:\r
+ memory: "10Gi"\r
+ cpu: "6"\r
+ requests:\r
+ memory: "4Gi"\r
+ cpu: "2"\r
+ {{end}}\r
+ env:\r
+ - name: ENV\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: "production"\r
+ {{ else if eq .Values.env "st" }}\r
+ value: "system_test"\r
+ {{ else }}\r
+ value: "development"\r
+ {{ end }}\r
+ - name: NAMESPACE\r
+ value: {{.Values.namespace}}\r
+ - name: APP_NAME\r
+ value: {{ .Values.appName}}\r
+ - name: EXECUTORS_ACTIVE\r
+ {{if eq .Values.env "prod"}}\r
+ value: {{ .Values.otf.camunda.executors_active.prod | quote }}\r
+ {{else if eq .Values.env "prod-dr"}}\r
+ value: {{ .Values.otf.camunda.executors_active.prod_dr | quote }}\r
+ {{else if eq .Values.env "st"}}\r
+ value: {{ .Values.otf.camunda.executors_active.st | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.otf.camunda.executors_active.dev | quote }}\r
+ {{ end }}\r
+ - name: OTF_MONGO_USERNAME\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.appName}}\r
+ key: mongo_username\r
+ optional: true\r
+ - name: OTF_MONGO_PASSWORD\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.appName}}\r
+ key: mongo_password\r
+ optional: true\r
+ - name: OTF_MONGO_HOSTS\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.otf.mongo.prod.host | quote }}\r
+ {{ else if eq .Values.env "st" }}\r
+ value: {{ .Values.otf.mongo.st.host | quote }}\r
+ {{ else }}\r
+ value: {{.Values.otf.mongo.dev.host | quote }}\r
+ {{ end }}\r
+ - name: OTF_MONGO_REPLICASET\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.otf.mongo.prod.replicaSet | quote }}\r
+ {{ else if eq .Values.env "st"}}\r
+ value: {{ .Values.otf.mongo.st.replicaSet | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.otf.mongo.dev.replicaSet | quote }}\r
+ {{ end }}\r
+ - name: OTF_MONGO_DATABASE\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.otf.mongo.prod.database | quote }}\r
+ {{else if eq .Values.env "st"}}\r
+ value: {{ .Values.otf.mongo.st.database | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.otf.mongo.dev.database | quote }}\r
+ {{ end }}\r
+ - name: OTF_CAMUNDA_DB_URL\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.otf.camunda.db.prod.url}}\r
+ {{else if eq .Values.env "st"}}\r
+ value: {{ .Values.otf.camunda.db.st.url}}\r
+ {{ else }}\r
+ value: {{ .Values.otf.camunda.db.dev.url}}\r
+ {{ end }}\r
+ - name: OTF_CAMUNDA_DB_USERNAME\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.appName}}\r
+ key: camunda_db_username\r
+ optional: true\r
+ - name: OTF_CAMUNDA_DB_PASSWORD\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.appName}}\r
+ key: camunda_db_password\r
+ optional: true\r
+ - name: AAF_PERM_TYPE\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.aafPermType.prod | quote }}\r
+ {{ else if eq .Values.env "st"}}\r
+ value: {{ .Values.aafPermType.st | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.aafPermType.dev | quote }}\r
+ {{ end }}\r
+ - name: CADI_HOSTNAME\r
+ {{if eq .Values.env "prod"}}\r
+ value: {{ .Values.cadiHostname.prod | quote }}\r
+ {{else if eq .Values.env "prod-dr"}}\r
+ value: {{ .Values.cadiHostname.prod_dr | quote }}\r
+ {{else if eq .Values.env "st"}}\r
+ value: {{ .Values.cadiHostname.st | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.cadiHostname.dev | quote }}\r
+ {{ end }}\r
+ - name: AAF_ID\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.sharedSecret}}\r
+ key: aaf_id\r
+ optional: true\r
+ - name: AAF_MECH_PASSWORD\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.sharedSecret}}\r
+ key: aaf_mech_password\r
+ optional: true\r
+ - name: AAF_PASSWORD\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.sharedSecret}}\r
+ key: aaf_password\r
+ optional: true\r
+ - name: CADI_KEYFILE\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.sharedSecret}}\r
+ key: keyfile_secret_path\r
+ optional: true\r
+ - name: OTF_CERT_PATH\r
+ {{if or (eq .Values.env "prod") (eq .Values.env "prod-dr")}}\r
+ value: {{ .Values.cert.prod.path | quote }}\r
+ {{ else if eq .Values.env "st" }}\r
+ value: {{ .Values.cert.st.path | quote }}\r
+ {{ else }}\r
+ value: {{ .Values.cert.dev.path | quote }}\r
+ {{ end }}\r
+ - name: OTF_CERT_PASS\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{ .Values.sharedCert}}\r
+ key: PKCS12_KEY\r
+ optional: true\r
+ - name: APP_VERSION\r
+ value: {{.Values.version}}\r
+ - name: PRIVATE_KEY\r
+ value: {{ .Values.Secret.privateKey.path }}\r
+ - name: PRIVATE_KEY_USERNAME\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{.Values.sharedCert}}\r
+ key: private_key_username\r
+ optional: true\r
+ - name: PRIVATE_KEY_PASSPHRASE\r
+ valueFrom:\r
+ secretKeyRef:\r
+ name: {{.Values.sharedCert}}\r
+ key: private_key_passphrase\r
+ optional: true\r
+ volumeMounts:\r
+ - name: {{.Values.appName}}-keyfile-volume\r
+ mountPath: /opt/secret\r
+ - name: {{.Values.appName}}-cert-volume\r
+ mountPath: /opt/cert\r
+ {{ if or (eq .Values.env "st") (eq .Values.env "prod-dr")}}\r
+ {{else}}\r
+ - name: logging-pvc\r
+ mountPath: "/otf/logs"\r
+ {{end}} \r
+ livenessProbe:\r
+ httpGet:\r
+ path: /otf/health/v1\r
+ port: http\r
+ scheme: HTTPS\r
+ httpHeaders:\r
+ - name: X-Custom-Header\r
+ value: Alive\r
+ initialDelaySeconds: 30\r
+ timeoutSeconds: 30\r
+ periodSeconds: 30\r
+ readinessProbe:\r
+ httpGet:\r
+ path: /otf/health/v1\r
+ port: http\r
+ scheme: HTTPS\r
+ httpHeaders:\r
+ - name: X-Custom-Header\r
+ value: Ready\r
+ initialDelaySeconds: 30\r
+ timeoutSeconds: 30\r
+ periodSeconds: 30\r
+ restartPolicy: Always\r
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds}}\r
Code Review / it / otf.git / blobdiff