{{- if .Values.inboundWorker.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "inbound-worker.appName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "inbound-worker.labels" . | nindent 4 }} spec: {{- if not .Values.inboundWorker.autoscaling.enabled }} replicas: {{ .Values.inboundWorker.replicaCount }} {{- end }} strategy: type: {{ .Values.inboundWorker.strategy.type }} rollingUpdate: maxSurge: {{ .Values.inboundWorker.strategy.rollingUpdate.maxSurge }} maxUnavailable: {{ .Values.inboundWorker.strategy.rollingUpdate.maxUnavailable }} selector: matchLabels: {{- include "inbound-worker.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.inboundWorker.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "inbound-worker.selectorLabels" . | nindent 8 }} spec: terminationGracePeriodSeconds: {{ .Values.inboundWorker.terminationGracePeriodSeconds }} {{- with .Values.global.image.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.inboundWorker.serviceAccount.enabled }} serviceAccountName: {{ include "inbound-worker.serviceAccountName" . }} {{- end }} {{- if .Values.inboundWorker.podSecurityContextEnabled }} securityContext: {{- toYaml .Values.inboundWorker.podSecurityContext | nindent 8 }} {{- end }} dnsConfig: options: - name: use-vc initContainers: - name: {{ .Chart.Name }}-init securityContext: {{- toYaml .Values.inboundWorker.securityContext | nindent 12 }} image: "{{ default .Values.global.image.repository .Values.global.alpinetools.image.repository }}/{{ .Values.global.alpinetools.image.name }}:{{ .Values.global.alpinetools.image.tag }}" imagePullPolicy: {{ .Values.global.image.pullPolicy }} env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name envFrom: - configMapRef: name: configmap-common volumeMounts: - name: {{ .Values.global.volumeStorageName }} mountPath: /efs command: - "/bin/sh" - "-c" - | {{- if .Values.valkey.internal.enabled }} {{ include "dataplane.commonInit" (dict "context" . "buildTag" .Values.inboundWorker.image.buildTag "internal" true "replicas" .Values.valkey.internal.clusterSize) | nindent 14 }} {{- else if .Values.valkey.external.enabled }} {{ include "dataplane.commonInit" (dict "context" . "buildTag" .Values.inboundWorker.image.buildTag) | nindent 14 }} {{- end }} {{- if .Values.fluentBit.enabled }} {{ include "dataplane.createLogDirectory" (dict "serviceName" "inbound" "efsRoot" "${efs_root}" "podName" "${POD_NAME}" "additionalPathParam" "inbound") | nindent 14 }} {{- end }} {{- with .Values.global.initContainers.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} containers: - name: {{ template "inbound-worker.appName" . }} securityContext: {{- toYaml .Values.inboundWorker.securityContext | nindent 12 }} image: "{{ default .Values.global.image.repository .Values.inboundWorker.image.repository }}/{{ .Values.inboundWorker.image.name }}:{{ .Values.inboundWorker.image.buildTag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.global.image.pullPolicy }} envFrom: - secretRef: name: {{ .Values.common.clusterDetails.name }} {{- if .Values.common.email_authentication }} - secretRef: name: {{ .Values.common.fromMail.name }} {{- end }} {{- if .Values.valkey.enabled }} - secretRef: name: {{ .Values.common.datagridCredentials.name }} {{- end }} - configMapRef: name: configmap-common - configMapRef: name: {{ template "inbound-worker.appName" . }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: local_ip valueFrom: fieldRef: fieldPath: status.podIP - name: server_truststore_password valueFrom: secretKeyRef: key: password name: certificate-password - name: server_cert_password valueFrom: secretKeyRef: key: password name: certificate-password - name: sftp_server_cert_password valueFrom: secretKeyRef: key: password name: certificate-password {{- with .Values.inboundWorker.env }} {{- toYaml . | nindent 12 }} {{- end }} ports: - containerPort: 8080 name: internal - containerPort: 9080 name: openapi - containerPort: 9443 name: service - containerPort: 2222 name: ssh - containerPort: 9090 name: xds volumeMounts: - name: {{ .Values.global.volumeStorageName }} mountPath: /efs - name: tmpdir mountPath: /tmp {{- if .Values.inboundWorker.hostPath.enabled }} - name: payloads-txn-data mountPath: "{{ .Values.inboundWorker.ebs_root }}" - name: txn-log-base-path mountPath: "{{ .Values.inboundWorker.txn_log_base_path }}" {{- end }} - mountPath: "/certificate" name: cert - mountPath: "/certificate/{{ .Values.common.certificate.name }}" subPath: {{ .Values.common.certificate.name }} name: domain-certificate resources: {{- toYaml .Values.inboundWorker.resources | nindent 12 }} livenessProbe: {{- toYaml .Values.inboundWorker.livenessProbe | nindent 12 }} startupProbe: {{- toYaml .Values.inboundWorker.startupProbe | nindent 12 }} readinessProbe: {{- toYaml .Values.inboundWorker.readinessProbe | nindent 12 }} volumes: - name: tmpdir emptyDir: {} {{- if .Values.inboundWorker.hostPath.enabled }} - name: payloads-txn-data hostPath: path: /local/dx-data/data type: DirectoryOrCreate - name: txn-log-base-path hostPath: path: /local/dx-data/logs type: DirectoryOrCreate {{- end }} - name: {{ .Values.global.volumeStorageName }} persistentVolumeClaim: claimName: {{ .Release.Namespace }}-{{ .Values.global.claimName }} - name: cert emptyDir: {} - name: domain-certificate secret: secretName: domain-certificate items: - key: {{ .Values.common.certificate.name }} path: {{ .Values.common.certificate.name }} {{- with .Values.inboundWorker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.inboundWorker.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.inboundWorker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}