/
deployment.yaml
150 lines (144 loc) · 5.53 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# SPDX-FileCopyrightText: Magenta ApS
#
# SPDX-License-Identifier: MPL-2.0
---
{{- if .Values.sd_changed_at.enabled }}
{{- $keycloak_client_id := "integration_sd_changed_at" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: sd-changed-at
labels:
app: sd-changed-at
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app: sd-changed-at
strategy:
type: Recreate
template:
metadata:
labels:
app: sd-changed-at
spec:
containers:
- name: sd-changed-at
image: "{{ .Values.sd_changed_at.image.registry }}/{{ .Values.sd_changed_at.image.repository }}:{{ .Values.sd_changed_at.image.tag }}"
env:
{{- if not .Values.sd_changed_at.sd_global_from_date }}
{{- fail "SD_GLOBAL_FROM_DATE must be set" }}
{{- end }}
{{- if not .Values.sd_changed_at.sd_job_function }}
{{- fail "SD_JOB_FUNCTION must be set" }}
{{- end }}
{{- if not .Values.sd_changed_at.sd_monthly_hourly_divide }}
{{- fail "SD_MONTHLY_HOURLY_DIVIDE must be set" }}
{{- end }}
{{- if not .Values.sd_changed_at.sd_import_run_db }}
{{- fail "SD_IMPORT_RUN_DB must be set" }}
{{- end }}
- name: SD_GLOBAL_FROM_DATE
value: "{{ .Values.sd_changed_at.sd_global_from_date }}"
- name: SD_JOB_FUNCTION
value: "{{ .Values.sd_changed_at.sd_job_function }}"
- name: SD_MONTHLY_HOURLY_DIVIDE
value: "{{ .Values.sd_changed_at.sd_monthly_hourly_divide }}"
- name: SD_IMPORT_RUN_DB
value: "{{ .Values.sd_changed_at.sd_import_run_db }}"
{{ if .Values.sentry.environment }}
- name: SENTRY_DSN
valueFrom:
secretKeyRef:
name: {{ .Values.sentry.secret }}
key: dsn
- name: SENTRY_ENVIRONMENT
value: {{ .Values.sentry.environment | quote }}
{{ end }}
- name: MO_URL
value: "http://mo-service:5000"
- name: AUTH_SERVER
value: "http://keycloak-service:8080/auth"
- name: AUTH_REALM
value: "mo"
- name: CLIENT_ID
value: "{{ $keycloak_client_id }}"
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sd-changed-at-client-secret
key: client_secret
# The three ENVs below require an sd-secret created in Flux
- name: SD_USER
valueFrom:
secretKeyRef:
name: {{ .Values.sd_changed_at.sd_secret_name }}
key: sd_username
- name: SD_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.sd_changed_at.sd_secret_name }}
key: sd_password
- name: SD_INSTITUTION_IDENTIFIER
valueFrom:
secretKeyRef:
name: {{ .Values.sd_changed_at.sd_secret_name }}
key: sd_institution
{{- range $name, $value := .Values.sd_changed_at.environment }}
- name: {{ $name }}
value: {{ $value | quote }}
{{- end }}
ports:
- containerPort: 5000
resources:
{{- toYaml .Values.sd_changed_at.resources | nindent 12 }}
volumeMounts:
- name: sd-pv
mountPath: "/mnt/dipex"
initContainers:
{{ include "os2mo.wait-for-keycloak" . | nindent 8 }}
{{ include "os2mo.wait-for-mo" . | nindent 8 }}
- name: create-client-secret
image: "{{ .Values.keycloak.integrationbuilder.image.registry }}/{{ .Values.keycloak.integrationbuilder.image.repository }}:{{ .Values.keycloak.integrationbuilder.image.tag }}"
env:
{{ include "os2mo.keycloak_terraform_db_connection" . | nindent 12 }}
- name: POSTGRES_SCHEMA_NAME
value: terraform_remote_state_sd_changed_at
# Keycloak REST connection
- name: TF_VAR_admin_password
valueFrom:
secretKeyRef:
name: {{ include "os2mo.keycloak_admin_secret" . }}
key: admin_password
# Configuration of the client
- name: TF_VAR_client_name
value: "{{ $keycloak_client_id }}"
- name: TF_VAR_client_roles
value: '["admin"]'
- name: TF_VAR_client_secret
valueFrom:
secretKeyRef:
name: sd-changed-at-client-secret
key: client_secret
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
- name: prepare-run-db
image: "{{ .Values.sd_changed_at.init.image.registry }}/{{ .Values.sd_changed_at.init.image.repository }}:{{ .Values.sd_changed_at.init.image.tag }}"
env:
- name: SD_GLOBAL_FROM_DATE
value: "{{ .Values.sd_changed_at.sd_global_from_date }}"
- name: SD_IMPORT_RUN_DB
value: "{{ .Values.sd_changed_at.sd_import_run_db }}"
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
volumeMounts:
- name: sd-pv
mountPath: "/mnt/dipex"
volumes:
- name: sd-pv
persistentVolumeClaim:
claimName: sd-pvc
{{- end }}