# SPDX-FileCopyrightText: Magenta ApS
#
# SPDX-License-Identifier: MPL-2.0
---
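{{- if .Values.orggatekeeper.enabled }}
{{- $keycloak_client_id := "integration_orggatekeeper" }}
# Deployment for the orggatekeeper integration. It is rendered only when
# .Values.orggatekeeper.enabled is set, and rendering fails outright when
# .Values.amqp.enabled is not set.
#
# The Secret "orggatekeeper-client-secret" is referenced by three containers
# below but is not defined in this template; it has to exist in the release
# namespace before the pod can start.
# TODO: see https://git.magenta.dk/rammearkitektur/os2mo-helm-chart/-/merge_requests/142#note_140651
{{- if not .Values.amqp.enabled }}
{{- fail "Must have AMQP enabled if orggatekeeper is enabled" }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orggatekeeper
  labels:
    app: orggatekeeper
  {{- with .Values.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: orggatekeeper
  # Recreate stops the old pod before the new one starts, so two replicas
  # never run side by side during an upgrade.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: orggatekeeper
    spec:
      # NOTE(review): no securityContext is set at pod or container level for
      # the containers defined in this file (the included helper templates are
      # not visible here). Consider runAsNonRoot, allowPrivilegeEscalation:
      # false and readOnlyRootFilesystem once the images are confirmed to
      # support them.
      containers:
        - name: orggatekeeper
          # NOTE(review): the image is selected by tag from values; a digest
          # reference would pin the exact content that gets deployed.
          image: "{{ .Values.orggatekeeper.image.registry }}/{{ .Values.orggatekeeper.image.repository }}:{{ .Values.orggatekeeper.image.tag }}"
          env:
            - name: CLIENT_ID
              value: "{{ $keycloak_client_id }}"
            # Credentials come from Secrets via secretKeyRef, so they do not
            # appear in the rendered Deployment manifest.
            - name: CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: orggatekeeper-client-secret
                  key: client_secret
            - name: AMQP__URL
              valueFrom:
                secretKeyRef:
                  # Quoted so an empty or boolean-looking value is still
                  # rendered as a YAML string.
                  name: {{ .Values.amqp.url_secret | quote }}
                  key: url
            - name: ENABLE_HIDE_LOGIC
              value: "true"
            # Sentry variables are emitted only when .Values.sentry.environment
            # is set; .Values.sentry.secret must then name an existing Secret
            # holding the key "dsn".
            {{- if .Values.sentry.environment }}
            - name: SENTRY_DSN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.sentry.secret | quote }}
                  key: dsn
            - name: SENTRY_ENVIRONMENT
              value: {{ .Values.sentry.environment | quote }}
            {{- end }}
            # Free-form extra variables from values. They are written in clear
            # text into the Deployment manifest, so credentials belong in a
            # Secret referenced with secretKeyRef, not in this map.
            {{- range $name, $value := .Values.orggatekeeper.environment }}
            - name: {{ $name | quote }}
              value: {{ $value | quote }}
            {{- end }}
          ports:
            - containerPort: 8000
          resources:
            {{- toYaml .Values.orggatekeeper.resources | nindent 12 }}
          # All three probes are HTTP GETs against port 8000; the timing
          # values are taken from .Values.orggatekeeper.probes.
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8000
            periodSeconds: {{ .Values.orggatekeeper.probes.liveness.periodSeconds }}
            timeoutSeconds: {{ .Values.orggatekeeper.probes.liveness.timeoutSeconds }}
            failureThreshold: {{ .Values.orggatekeeper.probes.liveness.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8000
            periodSeconds: {{ .Values.orggatekeeper.probes.readiness.periodSeconds }}
            timeoutSeconds: {{ .Values.orggatekeeper.probes.readiness.timeoutSeconds }}
            failureThreshold: {{ .Values.orggatekeeper.probes.readiness.failureThreshold }}
          startupProbe:
            httpGet:
              path: /health/ready
              port: 8000
            failureThreshold: {{ .Values.orggatekeeper.probes.startupProbe.failureThreshold }}
            periodSeconds: {{ .Values.orggatekeeper.probes.startupProbe.periodSeconds }}
      # Init containers run in the order listed. The two "wait-for" entries
      # come from helper templates defined elsewhere in the chart.
      initContainers:
        {{ include "os2mo.wait-for-keycloak" . | nindent 8 }}
        # Registers the Keycloak client for this integration. The TF_VAR_
        # prefix and the schema name suggest a Terraform run with remote state
        # in PostgreSQL - presumably; confirm against the integrationbuilder
        # image.
        - name: create-client-secret
          image: "{{ .Values.keycloak.integrationbuilder.image.registry }}/{{ .Values.keycloak.integrationbuilder.image.repository }}:{{ .Values.keycloak.integrationbuilder.image.tag }}"
          env:
            {{ include "os2mo.keycloak_terraform_db_connection" . | nindent 12 }}
            - name: POSTGRES_SCHEMA_NAME
              value: terraform_remote_state_orggatekeeper
            # Keycloak REST connection
            # This container receives the Keycloak admin password; it is read
            # from a Secret and is not passed to the long-running container.
            - name: TF_VAR_admin_password
              valueFrom:
                secretKeyRef:
                  name: {{ include "os2mo.keycloak_admin_secret" . }}
                  key: admin_password
            # Configuration of the client
            - name: TF_VAR_client_name
              value: "{{ $keycloak_client_id }}"
            # NOTE(review): the client is given the "admin" role. Confirm that
            # orggatekeeper needs it, or whether a narrower role would do.
            - name: TF_VAR_client_roles
              value: '["admin"]'
            - name: TF_VAR_client_secret
              valueFrom:
                secretKeyRef:
                  name: orggatekeeper-client-secret
                  key: client_secret
        {{ include "os2mo.wait-for-mo" . | nindent 8 }}
        - name: os2mo-init
          image: "{{ .Values.os2mo.init.image.registry }}/{{ .Values.os2mo.init.image.repository }}:{{ .Values.os2mo.init.image.tag }}"
          env:
            # NOTE(review): these endpoints use plain HTTP against what look
            # like in-cluster Service names. The client secret is presumably
            # presented to Keycloak over this link, so confidentiality rests
            # on cluster network controls (NetworkPolicy, mesh mTLS) - confirm.
            - name: AUTH_SERVER
              value: "http://keycloak-service:8080/auth"
            - name: MO_URL
              value: "http://mo-service:5000"
            - name: CLIENT_ID
              value: "{{ $keycloak_client_id }}"
            - name: CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: orggatekeeper-client-secret
                  key: client_secret
            - name: LORA_URL
              value: "http://mo-service:5000/lora"
          resources:
            {{- toYaml .Values.initContainers.resources | nindent 12 }}
          # The init configuration is mounted read-only from a ConfigMap.
          volumeMounts:
            - name: orggatekeeper-init-config-volume
              mountPath: /config
              readOnly: true
      volumes:
        # Exposes the ConfigMap key "config" as /config/config.yml in the
        # os2mo-init container.
        - name: orggatekeeper-init-config-volume
          configMap:
            name: orggatekeeper-init-config
            items:
              - key: config
                path: config.yml
{{- end }}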