deploy-templates/templates/deployment.yaml (142 lines of code) (raw):
{{- if or (not .Values.global.excludePortals) (not (has "citizen" .Values.global.excludePortals)) (not (has "officer" .Values.global.excludePortals)) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.name }}-deployment
labels:
app: {{ .Values.name }}
version: {{ .Values.version }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Values.name }}
version: {{ .Values.version }}
strategy:
type: RollingUpdate
template:
metadata:
annotations:
sidecar.istio.io/inject: "true"
traffic.sidecar.istio.io/excludeOutboundPorts: '5432,6379'
labels:
app: {{ .Values.name }}
version: {{ .Values.version }}
collect.logs: "json"
spec:
serviceAccountName: {{ .Values.name }}
containers:
- name: {{ .Values.name }}
image: "{{ .Values.image.name }}:{{ .Values.image.version }}"
imagePullPolicy: Always
ports:
- containerPort: {{ .Values.port }}
protocol: TCP
livenessProbe:
httpGet:
path: {{ .Values.probes.liveness.path }}
port: {{ .Values.port }}
failureThreshold: 1
initialDelaySeconds: 180
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: {{ .Values.probes.readiness.path }}
port: {{ .Values.port }}
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
{{- if not .Values.global.disableRequestsLimits }}
resources:
limits:
cpu: 400m
memory: 800Mi
requests:
cpu: 400m
memory: 800Mi
{{- end }}
env:
- name: JAVA_OPTS
value: {{ .Values.java.javaOpts }}
- name: KAFKA_USER_KEYSTORE_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.crt
- name: KAFKA_USER_KEYSTORE_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.user }}
key: user.key
- name: KAFKA_CLUSTER_TRUSTSTORE
valueFrom:
secretKeyRef:
name: {{ .Values.kafka.clusterName }}-cluster-ca-cert
key: ca.crt
- name: DB_URL
value: {{ .Values.db.url }}
- name: DB_NAME
value: {{ .Values.db.name }}
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: {{ .Values.db.secret }}
key: settRoleName
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.secret }}
key: settRolePass
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.redis.secretName }}
key: password
- name: REDIS_NODE
value: rfs-redis-sentinel.{{ .Release.Namespace }}.svc:26379
volumeMounts:
- mountPath: /app/config/config.yaml
name: config
readOnly: true
subPath: config.yaml
- mountPath: /app/secrets
name: db-credentials
readOnly: true
- name: {{ .Chart.Name }}-redis-credentials
mountPath: {{ .Values.redisSecretsMountPath }}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
initContainers:
- name: init
image: {{ template "imageRegistry" . -}} busybox
imagePullPolicy: IfNotPresent
command: [ "sh", "-c" ]
args: [ "while ! nc -w 1 {{ .Values.db.url }} {{ .Values.db.port }} </dev/null; do echo waiting for database; sleep 10; done;" ]
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: config
configMap:
name: user-settings-service-api-properties
- name: db-credentials
secret:
secretName: {{ .Values.db.secret }}
items:
- key: settRolePass
path: data-platform.datasource.password
- key: settRoleName
path: data-platform.datasource.username
- name: {{ .Chart.Name }}-redis-credentials
secret:
secretName: {{ .Values.redis.secretName }}
items:
- key: password
path: redis.password
{{- end }}