summaryrefslogtreecommitdiffstats
path: root/kubernetes/a1policymanagement/templates/statefulset.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/a1policymanagement/templates/statefulset.yaml')
-rw-r--r--kubernetes/a1policymanagement/templates/statefulset.yaml126
1 files changed, 126 insertions, 0 deletions
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
new file mode 100644
index 0000000000..54ee1515bc
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -0,0 +1,126 @@
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+kind: StatefulSet
+apiVersion: apps/v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-bootstrap-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
+ | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod o+w /config/${PFILE}
+ done
+ cat /config/application.yaml
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ containers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsGroup: {{ .Values.groupID }}
+ runAsUser: {{ .Values.userID }}
+ runAsNonRoot: true
+ command:
+ - sh
+ args:
+ - /tmp/scripts/daemon.sh
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/scripts
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: config
+ mountPath: /opt/app/policy-agent/data/application_configuration.json
+ subPath: application_configuration.json
+ - name: config
+ mountPath: /opt/app/policy-agent/config/application.yaml
+ subPath: application.yaml
+ - name: {{ include "common.fullname" . }}
+ mountPath: "/var/policy-management-service/database"
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-policy-conf-input
+ configMap:
+ name: {{ include "common.fullname" . }}-policy-conf
+ - name: {{ include "common.fullname" . }}-envsubst-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ defaultMode: 0555
+ - name: config
+ emptyDir:
+ medium: Memory
+{{- if not .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - {{include "common.PVCTemplate" . | indent 6 | trim }}
+{{- end }}