deploy-templates/templates/bpms-deployment.yaml (296 lines of code) (raw):
# Helm template for the Deployment named after .Chart.Name.
# The pod runs two init containers (a TCP wait loop against the database, then
# a psql run of update-history-level.sql) followed by one application
# container. Configuration and credentials reach the application as
# environment variables and as files mounted from ConfigMaps and Secrets.
# NOTE(review): these "#" lines are emitted into the rendered manifest; keep
# template actions out of them, because Helm still evaluates actions inside
# YAML comments.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Chart.Name }}
  annotations:
    # Stakater Reloader annotations listing the Secrets and ConfigMaps by name.
    # The names are literals here, while the volumes further down take theirs
    # from .Values.registrySecrets / .Values.registryConfigs.
    # NOTE(review): confirm the two stay in sync.
    secret.reloader.stakater.com/reload: "trembita-registries-secrets,external-systems-secrets"
    configmap.reloader.stakater.com/reload: "trembita-registries-configuration,external-systems-configuration,diia-configuration"
  labels:
    app: {{ .Chart.Name }}
spec:
  selector:
    matchLabels:
      app: {{ .Chart.Name }}
  # replicas is rendered only when the HPA flag is off.
  {{- if not .Values.global.registry.bpms.hpa.enabled }}
  replicas: {{ .Values.global.registry.bpms.replicas }}
  {{- end }}
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      {{- if or .Values.podAnnotations .Values.global.registry.bpms.istio.sidecar.enabled }}
      annotations:
        {{- range $key, $value := .Values.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- if .Values.global.registry.bpms.istio.sidecar.enabled }}
        # Outbound traffic to ports 5432 and 6379 is excluded from sidecar
        # redirection, so mesh mTLS and mesh policy do not cover it.
        # NOTE(review): presumably PostgreSQL and Redis; confirm those
        # connections are protected by other means (TLS, NetworkPolicy).
        traffic.sidecar.istio.io/excludeOutboundPorts: '5432,6379'
        sidecar.istio.io/inject: 'true'
        {{- include "bpms.istioResources" . | nindent 8 }}
        {{- end }}
      {{- end }}
      labels:
        app: {{ .Chart.Name }}
        collect.logs: "json"
    spec:
      # NOTE(review): no container in this template sets a container-level
      # securityContext, and neither init container sets resources. Only the
      # optional pod-level securityContext from .Values.podSecurityContext is
      # applied. Consider explicit runAsNonRoot, allowPrivilegeEscalation and
      # capabilities settings if the cluster policy does not already enforce
      # them.
      initContainers:
      # Init container 1: blocks until a TCP connection to the database opens.
      - command:
        - sh
        - '-c'
        # db.url and db.port are pasted unquoted into the sh -c string, so they
        # must come from trusted chart values only.
        - >-
          while ! nc -w 1 {{ .Values.db.url }} {{ .Values.db.port }} </dev/null; do echo waiting for
          database; sleep 10; done;
        # NOTE(review): the image has no tag (resolves to "latest"). With
        # imagePullPolicy IfNotPresent each node keeps whatever it pulled
        # first; pin a fixed version or digest for a reproducible, auditable
        # image.
        image: {{ template "imageRegistry" . -}} busybox
        imagePullPolicy: IfNotPresent
        name: {{ .Chart.Name }}-init
      # Init container 2: applies update-history-level.sql with psql, using
      # the database credentials from the db secret.
      - name: update-history-level
        # NOTE(review): mutable ":latest" tag on an image that receives
        # database credentials; pin a fixed version or digest.
        image: {{ template "imageRegistry" . -}} bitnami/postgresql:latest
        env:
        - name: PSQL_USER
          valueFrom:
            secretKeyRef:
              name: {{ .Values.db.secret }}
              key: user
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.db.secret }}
              key: password
        imagePullPolicy: IfNotPresent
        command:
        - 'sh'
        - '-c'
        # db.name and db.url are pasted unquoted into the shell string and
        # $PSQL_USER is expanded unquoted, so a value with whitespace or shell
        # metacharacters would change the command. Trusted values only.
        - >-
          psql {{ .Values.db.name }} -U $PSQL_USER --host={{ .Values.db.url }} -f /app/update-history-level.sql
        volumeMounts:
        - name: update-history-level-configmap
          mountPath: /app/update-history-level.sql
          subPath: update-history-level.sql
      containers:
      - name: {{ .Chart.Name }}
        image: "{{ .Values.image.name }}:{{ .Values.image.version }}"
        ports:
        - containerPort: {{ .Values.port }}
          name: {{ .Chart.Name }}
        livenessProbe:
          httpGet:
            path: {{ .Values.livenessPath }}
            port: {{ .Values.port }}
          failureThreshold: 10
          initialDelaySeconds: 65
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: {{ .Values.readinessPath }}
            port: {{ .Values.port }}
          failureThreshold: 10
          initialDelaySeconds: 65
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        # resources is rendered only when requests or limits are configured.
        {{- if or .Values.global.registry.bpms.container.resources.requests .Values.global.registry.bpms.container.resources.limits }}
        resources:
          {{- toYaml .Values.global.registry.bpms.container.resources | nindent 10 }}
        {{- end }}
        # Free-form variables from values come first, then the fixed set below.
        # NOTE(review): envVars values are rendered in plain text in the
        # manifest; keep credentials out of that map.
        env:
        {{- range $name, $value := .Values.global.registry.bpms.container.envVars }}
        - name: {{ $name }}
          value: {{ $value | quote}}
        {{- end }}
        - name: CEPH_BUCKET_HOST
          valueFrom:
            configMapKeyRef:
              name: {{ .Values.fileStorage.bucketName }}
              key: BUCKET_HOST
        - name: CEPH_BUCKET_PORT
          valueFrom:
            configMapKeyRef:
              name: {{ .Values.fileStorage.bucketName }}
              key: BUCKET_PORT
        - name: ceph.file-storage-bucket
          valueFrom:
            configMapKeyRef:
              name: {{ .Values.fileStorage.bucketName }}
              key: BUCKET_NAME
        - name: KAFKA_USER_KEYSTORE_CERTIFICATE
          valueFrom:
            secretKeyRef:
              name: {{ .Values.kafka.user }}
              key: user.crt
        # NOTE(review): the Kafka client private key and the Redis password
        # are passed as environment variables, whereas the other credentials
        # in this pod are mounted as files. Environment variables are easier
        # to expose through process listings, crash dumps and debug endpoints;
        # consider file mounts for these as well.
        - name: KAFKA_USER_KEYSTORE_KEY
          valueFrom:
            secretKeyRef:
              name: {{ .Values.kafka.user }}
              key: user.key
        - name: KAFKA_CLUSTER_TRUSTSTORE
          valueFrom:
            secretKeyRef:
              name: {{ .Values.kafka.clusterName }}-cluster-ca-cert
              key: ca.crt
        - name: kubernetes.namespace.current
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.redis.secretName }}
              key: password
        # Each mount name below must match an entry under "volumes" at the end
        # of this pod spec.
        volumeMounts:
        - name: {{ .Chart.Name }}
          mountPath: {{ .Values.appConfigMountPath }}
        - name: {{ .Values.db.secret }}
          mountPath: {{ .Values.appSecretsMountPath }}
        - name: {{ .Chart.Name }}-camunda-global-system-vars
          mountPath: {{ .Values.camundaVarsMountPath }}
        - name: {{ .Values.fileStorage.bucketName }}-credentials
          mountPath: {{ .Values.fileStorageSecretMountPath }}
        - name: {{ .Values.keycloak.citizenClient.secretName }}
          mountPath: {{ .Values.citizenKeycloakClientSecretsMountPath }}
        - name: {{ .Values.keycloak.officerClient.secretName }}
          mountPath: {{ .Values.officerKeycloakClientSecretsMountPath }}
        - name: {{ .Values.keycloak.systemUserClient.secretName }}
          mountPath: {{ .Values.systemUserKeycloakClientSecretsMountPath }}
        - name: {{ .Values.keycloak.officerSystemClient.secretName }}
          mountPath: {{ .Values.officerSystemClientSecretsMountPath }}
        - name: {{ .Values.officerConfigMapName }}
          mountPath: {{ .Values.officerConfigMountPath }}
        - name: {{ .Values.citizenConfigMapName }}
          mountPath: {{ .Values.citizenConfigMountPath }}
        - name: {{ .Chart.Name }}-redis-credentials
          mountPath: {{ .Values.redisSecretsMountPath }}
        # The Trembita secret is mounted only if a live cluster lookup finds
        # "trembita-registries-secrets" in .Values.namespace. lookup returns
        # nothing under "helm template" and client-side dry runs, so the mount
        # is silently absent there, and a secret created after install appears
        # only on the next upgrade.
        # NOTE(review): the lookup name is a literal while the volume uses
        # registrySecrets.trembitaRegistriesSecretsName; confirm they match.
        {{- if .Values.trembita }}
        {{- if .Values.trembita.registries }}
        {{- $trembitaSecret := (lookup "v1" "Secret" .Values.namespace "trembita-registries-secrets") }}
        {{- if $trembitaSecret }}
        - name: bpms-{{ .Values.registrySecrets.trembitaRegistriesSecretsName }}
          mountPath: "{{ .Values.registrySecrets.secretRootPath }}/{{ .Values.registrySecrets.trembitaRegistriesSecretsName }}"
        {{- end }}
        - name: {{ .Values.registryConfigs.trembitaRegistriesConfigurationName }}
          mountPath: "{{ .Values.registryConfigs.configRootPath }}/{{ .Values.registryConfigs.trembitaRegistriesConfigurationName }}"
        {{- end }}
        {{- end }}
        - name: {{ .Values.registryConfigs.notificationBlacklistConfigurationName }}
          mountPath: "{{ .Values.registryConfigs.configRootPath }}/{{ .Values.registryConfigs.notificationBlacklistConfigurationName }}"
        # NOTE(review): .diia is read here without the existence check on
        # "external-systems" that the next block performs; confirm the key is
        # always present in values, otherwise rendering may fail.
        {{- if (index .Values "external-systems").diia }}
        - name: {{ .Values.registryConfigs.diiaConfigurationName }}
          mountPath: "{{ .Values.registryConfigs.configRootPath }}/{{ .Values.registryConfigs.diiaConfigurationName }}"
        {{- end }}
        {{- if (index .Values "external-systems") }}
        - name: {{ .Values.registryConfigs.externalSystemsConfigurationName }}
          mountPath: "{{ .Values.registryConfigs.configRootPath }}/{{ .Values.registryConfigs.externalSystemsConfigurationName }}"
        - name: {{ .Values.registryConfigs.externalSystemsEndpointConfigurationName }}
          mountPath: "{{ .Values.registryConfigs.configRootPath }}/{{ .Values.registryConfigs.externalSystemsEndpointConfigurationName }}"
        {{- $externalSystemsSecret := (lookup "v1" "Secret" .Values.namespace "external-systems-secrets") }}
        {{- if $externalSystemsSecret }}
        - name: bpms-{{ .Values.registrySecrets.externalSystemsSecretsName }}
          mountPath: "{{ .Values.registrySecrets.secretRootPath }}/{{ .Values.registrySecrets.externalSystemsSecretsName }}"
        {{- end }}
        {{- end }}
      serviceAccountName: {{ .Chart.Name }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      # Pod-level security context is applied only when configured in values.
      {{- if .Values.podSecurityContext }}
      securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
      {{- end }}
      # Secret volumes with "items" project only the listed keys, each under
      # the file name given in "path".
      volumes:
      - name: {{ .Chart.Name }}
        configMap:
          name: {{ .Chart.Name }}
      - name: {{ .Values.db.secret }}
        secret:
          secretName: {{ .Values.db.secret }}
          items:
          - key: user
            path: spring.datasource.username
          - key: password
            path: spring.datasource.password
      - name: {{ .Values.fileStorage.bucketName }}-credentials
        secret:
          secretName: {{ .Values.fileStorage.bucketName }}
          items:
          - key: AWS_ACCESS_KEY_ID
            path: ceph.file-storage-access-key
          - key: AWS_SECRET_ACCESS_KEY
            path: ceph.file-storage-secret-key
      - name: {{ .Chart.Name }}-camunda-global-system-vars
        configMap:
          name: {{ .Chart.Name }}-camunda-global-system-vars
      - name: {{ .Values.keycloak.citizenClient.secretName }}
        secret:
          secretName: {{ .Values.keycloak.citizenClient.secretName }}
          items:
          - key: clientSecret
            path: keycloak.citizen.client-secret
      - name: {{ .Values.keycloak.officerClient.secretName }}
        secret:
          secretName: {{ .Values.keycloak.officerClient.secretName }}
          items:
          - key: clientSecret
            path: keycloak.officer.client-secret
      - name: {{ .Values.keycloak.systemUserClient.secretName }}
        secret:
          secretName: {{ .Values.keycloak.systemUserClient.secretName }}
          items:
          - key: clientSecret
            path: keycloak.system-user.client-secret
      - name: {{ .Values.keycloak.officerSystemClient.secretName }}
        secret:
          secretName: {{ .Values.keycloak.officerSystemClient.secretName }}
          items:
          - key: clientSecret
            path: keycloak.officer-system-client.client-secret
      - name: {{ .Values.officerConfigMapName }}
        configMap:
          name: {{ .Values.officerConfigMapName }}
      - name: {{ .Values.citizenConfigMapName }}
        configMap:
          name: {{ .Values.citizenConfigMapName }}
      # NOTE(review): this block is guarded by .Values.trembita alone, while
      # the matching volumeMounts also require .Values.trembita.registries.
      # With trembita set but no registries, the ConfigMap volume is declared
      # without being mounted; confirm that is intended.
      {{- if .Values.trembita }}
      - name: {{ .Values.registryConfigs.trembitaRegistriesConfigurationName }}
        configMap:
          name: {{ .Values.registryConfigs.trembitaRegistriesConfigurationName }}
      {{- $trembitaSecret := (lookup "v1" "Secret" .Values.namespace "trembita-registries-secrets") }}
      {{- if $trembitaSecret }}
      - name: bpms-{{ .Values.registrySecrets.trembitaRegistriesSecretsName }}
        secret:
          secretName: {{ .Values.registrySecrets.trembitaRegistriesSecretsName }}
      {{- end }}
      {{- end }}
      - name: {{ .Values.registryConfigs.notificationBlacklistConfigurationName }}
        configMap:
          name: {{ .Values.registryConfigs.notificationBlacklistConfigurationName }}
      {{- if (index .Values "external-systems").diia }}
      - name: {{ .Values.registryConfigs.diiaConfigurationName }}
        configMap:
          name: {{ .Values.registryConfigs.diiaConfigurationName }}
      {{- end }}
      {{- if (index .Values "external-systems") }}
      - name: {{ .Values.registryConfigs.externalSystemsConfigurationName }}
        configMap:
          name: {{ .Values.registryConfigs.externalSystemsConfigurationName }}
      - name: {{ .Values.registryConfigs.externalSystemsEndpointConfigurationName }}
        configMap:
          name: {{ .Values.registryConfigs.externalSystemsEndpointConfigurationName }}
      {{- $externalSystemsSecret := (lookup "v1" "Secret" .Values.namespace "external-systems-secrets") }}
      {{- if $externalSystemsSecret }}
      - name: bpms-{{ .Values.registrySecrets.externalSystemsSecretsName }}
        secret:
          secretName: {{ .Values.registrySecrets.externalSystemsSecretsName }}
      {{- end }}
      {{- end }}
      - name: {{ .Chart.Name }}-redis-credentials
        secret:
          secretName: {{ .Values.redis.secretName }}
          items:
          - key: password
            path: redis.password
      - name: update-history-level-configmap
        configMap:
          name: update-history-level-configmap