deploy-templates/templates/app-deployment.yaml (170 lines of code) (raw):
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.name }}-deployment
labels:
app: {{.Values.name}}
version: {{ .Values.version }}
spec:
replicas: 1
selector:
matchLabels:
app: {{.Values.name}}
version: {{ .Values.version }}
strategy:
type: RollingUpdate
template:
metadata:
annotations:
sidecar.istio.io/inject: "true"
traffic.sidecar.istio.io/excludeOutboundPorts: '5432,9093'
labels:
app: {{.Values.name}}
version: {{ .Values.version }}
collect.logs: "json"
spec:
serviceAccountName: {{.Values.name }}
containers:
- name: {{.Values.name }}
image: "{{ .Values.image.name }}:{{ .Values.image.version }}"
ports:
- containerPort: {{ .Values.port }}
protocol: TCP
imagePullPolicy: Always
{{- if not .Values.global.disableRequestsLimits }}
resources:
limits:
cpu: 400m
memory: 800Mi
requests:
cpu: 400m
memory: 800Mi
{{- end }}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
livenessProbe:
httpGet:
path: {{ .Values.probes.liveness.path }}
port: {{ .Values.port }}
failureThreshold: 1
initialDelaySeconds: 180
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: {{ .Values.probes.readiness.path }}
port: {{ .Values.port }}
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
volumeMounts:
- mountPath: /app/config/config.yaml
name: config
readOnly: true
subPath: config.yaml
- mountPath: /app/secrets
name: db-credentials
readOnly: true
- mountPath: /app/secrets/fileexcerptceph
name: {{ .Chart.Name }}-file-excerpt-ceph-bucket-credentials
readOnly: true
- mountPath: /app/secrets/excerpttemplatesceph
name: {{ .Chart.Name }}-excerpt-templates-ceph-bucket-credentials
readOnly: true
env:
- name: JAVA_OPTS
value: {{ .Values.java.javaOpts }}
- name: DB_URL
value: {{ .Values.db.url }}
- name: DB_NAME
value: {{ .Values.db.name }}
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: {{ .Values.db.secret }}
key: excerptWorkName
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.secret }}
key: excerptWorkPass
- name: FILE_EXCERPT_CEPH_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: {{ .Values.fileExcerptCeph.bucketName }}
key: BUCKET_NAME
- name: FILE_EXCERPT_CEPH_BUCKET_HOST
valueFrom:
configMapKeyRef:
name: {{ .Values.fileExcerptCeph.bucketName }}
key: BUCKET_HOST
- name: EXCERPT_TEMPLATES_CEPH_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: {{ .Values.excerptTemplatesCeph.bucketName }}
key: BUCKET_NAME
- name: EXCERPT_TEMPLATES_CEPH_BUCKET_HOST
valueFrom:
configMapKeyRef:
name: {{ .Values.excerptTemplatesCeph.bucketName }}
key: BUCKET_HOST
- name: KAFKA_USER_KEYSTORE_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.crt
- name: KAFKA_USER_KEYSTORE_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.key
- name: KAFKA_CLUSTER_TRUSTSTORE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.clusterName }}-cluster-ca-cert
key: ca.crt
initContainers:
- name: init-db
image: {{ template "imageRegistry" . -}} busybox
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while ! nc -w 1 {{ .Values.db.url }} {{ .Values.db.port }} </dev/null; do echo waiting for {{ .Values.db.url }}; sleep 10; done;"]
- name: init-kafka
image: {{ template "imageRegistry" . -}} busybox
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while ! nc -w 1 {{ .Values.kafka.url }} {{ .Values.kafka.port }} </dev/null; do echo waiting for {{ .Values.kafka.url }}; sleep 10; done;"]
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: config
configMap:
name: excerpt-worker-csv-properties
- name: db-credentials
secret:
secretName: {{ .Values.db.secret }}
items:
- key: excerptWorkPass
path: data-platform.datasource.password
- key: excerptWorkName
path: data-platform.datasource.username
- name: {{ .Chart.Name }}-file-excerpt-ceph-bucket-credentials
secret:
secretName: {{ .Values.fileExcerptCeph.bucketName }}
items:
- key: AWS_ACCESS_KEY_ID
path: file-excerpt-ceph.access-key
- key: AWS_SECRET_ACCESS_KEY
path: file-excerpt-ceph.secret-key
- name: {{ .Chart.Name }}-excerpt-templates-ceph-bucket-credentials
secret:
secretName: {{ .Values.excerptTemplatesCeph.bucketName }}
items:
- key: AWS_ACCESS_KEY_ID
path: excerpt-templates-ceph.access-key
- key: AWS_SECRET_ACCESS_KEY
path: excerpt-templates-ceph.secret-key