1 files changed, 154 insertions, 0 deletions
diff --git a/helm/policy/components/policy-distribution/templates/deployment.yaml b/helm/policy/components/policy-distribution/templates/deployment.yaml
new file mode 100755
index 00000000..e8b203ba
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/deployment.yaml
@@ -0,0 +1,154 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+        release: release
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: password
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-apiparameters-creds
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-apiparameters-creds
+              key: password
+        - name: PAP_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-papparameters-creds
+              key: login
+        - name: PAP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-papparameters-creds
+              key: password
+        - name: SDCBE_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-sdcbe-creds
+              key: login
+        - name: SDCBE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-sdcbe-creds
+              key: password
+        volumeMounts:
+        - mountPath: /config-input
+          name: distributionconfig-input
+        - mountPath: /config
+          name: distributionconfig
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+          args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/distribution/etc/mounted
+            name: distributionconfig
+          - mountPath: /opt/app/policy/distribution/etc/temp
+            name: tmpdir
+            readOnly: true
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: distributionconfig-input
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: distributionconfig
+          emptyDir:
+            medium: Memory
+        - name: tmpdir
+          hostPath:
+             path: /tmp/distribution
+      imagePullSecrets:
+      - name: "default-docker-registry-key"