deploy-templates/templates/deployment.yaml (129 lines of code) (raw):
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Chart.Name }}
labels:
app: {{ .Chart.Name }}
annotations:
configmap.reloader.stakater.com/reload: "{{ .Chart.Name }}"
spec:
selector:
matchLabels:
app: {{ .Chart.Name }}
{{- if not .Values.global.registry.digitalDocumentService.hpa.enabled }}
replicas: {{ .Values.global.registry.digitalDocumentService.replicas }}
{{- end }}
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
{{- if or .Values.podAnnotations .Values.global.registry.digitalDocumentService.istio.sidecar.enabled }}
annotations:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.global.registry.digitalDocumentService.istio.sidecar.enabled }}
traffic.sidecar.istio.io/excludeOutboundPorts: '9092,9093'
sidecar.istio.io/inject: 'true'
{{- include "digitalDocumentService.istioResources" . | nindent 8 }}
{{- end }}
{{- end }}
labels:
app: {{ .Chart.Name }}
collect.logs: "json"
spec:
initContainers:
- command: [ 'sh', '-c', 'while ! nc -w 1 {{ .Values.kafka.service | replace "http://" "" }} </dev/null; do echo waiting for kafka-cluster-kafka-bootstrap; sleep 5; done;' ]
image: busybox
imagePullPolicy: IfNotPresent
name: kafka-cluster-kafka-bootstrap-init
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.name }}:{{ .Values.image.version }}"
ports:
- containerPort: {{ .Values.port }}
name: ui
livenessProbe:
httpGet:
path: {{ .Values.livenessPath }}
port: {{ .Values.port }}
failureThreshold: 10
initialDelaySeconds: 70
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: {{ .Values.readinessPath }}
port: {{ .Values.port }}
failureThreshold: 10
initialDelaySeconds: 70
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
{{- if or .Values.global.registry.digitalDocumentService.container.resources.requests .Values.global.registry.digitalDocumentService.container.resources.limits }}
resources:
{{- toYaml .Values.global.registry.digitalDocumentService.container.resources | nindent 10 }}
{{- end }}
env:
{{- range $name, $value := .Values.global.registry.digitalDocumentService.container.envVars }}
- name: {{ $name }}
value: {{ $value | quote}}
{{- end }}
- name: CEPH_BUCKET_HOST
valueFrom:
configMapKeyRef:
name: {{ .Values.ceph.bucketName }}
key: BUCKET_HOST
- name: CEPH_BUCKET_PORT
valueFrom:
configMapKeyRef:
name: {{ .Values.ceph.bucketName }}
key: BUCKET_PORT
- name: CEPH_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: {{ .Values.ceph.bucketName }}
key: BUCKET_NAME
- name: KAFKA_USER_KEYSTORE_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.crt
- name: KAFKA_USER_KEYSTORE_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.key
- name: KAFKA_CLUSTER_TRUSTSTORE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.clusterName }}-cluster-ca-cert
key: ca.crt
volumeMounts:
- name: {{ .Chart.Name }}
mountPath: {{ .Values.appConfigMountPath }}
- name: {{ .Chart.Name }}-ceph-bucket-credentials
mountPath: {{ .Values.cephSecretMountPath }}
serviceAccountName: {{ .Chart.Name }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext }}
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
volumes:
- name: {{ .Chart.Name }}
configMap:
name: {{ .Chart.Name }}
- name: {{ .Chart.Name }}-ceph-bucket-credentials
secret:
secretName: {{ .Values.ceph.bucketName }}
items:
- key: AWS_ACCESS_KEY_ID
path: ceph.access-key
- key: AWS_SECRET_ACCESS_KEY
path: ceph.secret-key