174 lines
8.6 KiB
YAML
174 lines
8.6 KiB
YAML
{{- if .Values.apiportal.enabled -}}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "{{ include "gateway.fullname" . }}-apiportal"
|
|
labels:
|
|
{{- include "gateway.labels" . | nindent 4 }}
|
|
app.kubernetes.io/component: apiportal
|
|
spec:
|
|
replicas: {{ .Values.apiportal.replicaCount }}
|
|
strategy:
|
|
{{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }}
|
|
rollingUpdate:
|
|
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }}
|
|
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }}
|
|
{{- end }}
|
|
type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
|
app.kubernetes.io/component: apiportal
|
|
{{- with .Values.apiportal.podLabels }}
|
|
{{- toYaml . | nindent 6 }}
|
|
{{- end }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.apiportal.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "gateway.selectorLabels" . | nindent 8 }}
|
|
app.kubernetes.io/component: apiportal
|
|
{{- with .Values.apiportal.podLabels }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.global.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }}
|
|
containers:
|
|
- name: "{{ include "gateway.fullname" . }}-apiportal"
|
|
securityContext:
|
|
{{- toYaml .Values.apiportal.securityContext | nindent 12 }}
|
|
command: ["/usr/local/bin/entrypoint.sh", "apiportal"]
|
|
{{- with .Values.apiportal.livenessProbe }}
|
|
livenessProbe:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.apiportal.readinessProbe }}
|
|
readinessProbe:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.apiportal.resources | nindent 12 }}
|
|
env:
|
|
# Same mysql database has been used for both metrics and apiportal
|
|
{{- if .Values.apiportal.mysql.enabled }}
|
|
- name: MYSQL_HOST
|
|
value: {{ tpl .Values.global.database.host . | quote }}
|
|
- name: MYSQL_PORT
|
|
value: {{ .Values.global.database.port | quote }}
|
|
- name: MYSQL_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "gateway.apiportal.secretName" . }}
|
|
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
|
|
- name: MYSQL_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "gateway.apiportal.secretName" . }}
|
|
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
|
|
- name: MYSQL_DATABASE
|
|
value: {{ .Values.apiportal.mysql.databaseName | quote }}
|
|
- name: MYSQL_SSL_ON
|
|
value: {{ .Values.apiportal.mysql.sslOn | quote }}
|
|
- name: MYSQL_SSL_VERIFY_CERT
|
|
value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }}
|
|
{{- end }}
|
|
{{- if .Values.apiportal.redis.enabled }}
|
|
- name: REDIS_CONFIGURED
|
|
value: "1"
|
|
- name: REDIS_ON
|
|
value: "1"
|
|
- name: REDIS_HOST
|
|
value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }}
|
|
- name: REDIS_PORT
|
|
value: {{ default "6379" .Values.apiportal.redis.port | quote }}
|
|
- name: REDIS_CACHE_TIMEOUT_SEC
|
|
value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }}
|
|
{{- end }}
|
|
- name: APACHE_SSL_ON
|
|
value: {{ .Values.apiportal.apache.sslOn | quote }}
|
|
- name: APIMANAGER_CONFIGURED
|
|
value: {{ default "1" .Values.apiportal.apiManager.configured | quote }}
|
|
- name: API_WHITELIST_CONFIGURED
|
|
value: "1"
|
|
- name: API_WHITELIST
|
|
value: "apitraffic.{{ .Values.global.domainName }}"
|
|
- name: APIMANAGER_NAME
|
|
value: {{ .Values.apiportal.apiManager.name | quote }}
|
|
- name: APIMANAGER_HOST
|
|
value: "{{ include "gateway.fullname" . }}-apimgr"
|
|
- name: APIMANAGER_PORT
|
|
value: {{ .Values.apimgr.service.ports.ui.port | quote }}
|
|
- name: HTTP_PORT
|
|
value: {{ .Values.apiportal.service.ports.http.port | quote }}
|
|
- name: HTTPS_PORT
|
|
value: {{ .Values.apiportal.service.ports.https.port | quote }}
|
|
- name: HTTPS_FORCE_PORT
|
|
value: {{ .Values.apiportal.service.ports.force.port | quote }}
|
|
- name: T4_DOWNLOADED
|
|
value: {{ .Values.apiportal.t4_downloaded | quote }}
|
|
{{- if .Values.apiportal.extraEnvVars }}
|
|
{{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }}
|
|
{{- end }}
|
|
image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
ports:
|
|
- name: "apiportal"
|
|
containerPort: {{ .Values.apiportal.service.ports.force.port }}
|
|
protocol: TCP
|
|
volumeMounts:
|
|
{{- $mounts := list }}
|
|
{{- if .Values.apiportal.mysql.sslOn }}
|
|
{{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }}
|
|
{{- end }}
|
|
{{- if .Values.apiportal.apache.sslOn }}
|
|
{{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }}
|
|
{{- end }}
|
|
{{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }}
|
|
initContainers:
|
|
- name: init-mysql
|
|
image: {{ .Values.global.initContainers.image | quote }}
|
|
command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ]
|
|
{{- with .Values.global.initContainers.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.global.initContainers.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.apiportal.apiManager.configured }}
|
|
- name: init-apimanager
|
|
image: {{ .Values.global.initContainers.image | quote }}
|
|
command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ]
|
|
{{- with .Values.global.initContainers.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.global.initContainers.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- with .Values.apiportal.extraInitContainers }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- $vols := list }}
|
|
{{- if .Values.apiportal.mysql.sslOn }}
|
|
{{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }}
|
|
{{- end }}
|
|
{{- if .Values.apiportal.apache.sslOn }}
|
|
{{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }}
|
|
{{- end }}
|
|
{{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }}
|
|
{{- end }}
|