2021-07-08 01:10:39 +00:00
|
|
|
# -*- mode: yaml -*-
|
|
|
|
|
|
|
|
|
|
replicaCount: 1
|
|
|
|
|
|
|
|
|
|
image:
|
|
|
|
|
repository: docker.io/rbkmoney/dark-api
|
2021-09-09 17:44:45 +00:00
|
|
|
tag: 933d0b9506ba312d69dfd46c5432ced36e3fce64
|
2021-07-08 01:10:39 +00:00
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
|
|
|
|
|
|
runopts:
|
|
|
|
|
command: ["/opt/dark-api/entrypoint.sh"]
|
|
|
|
|
|
|
|
|
|
configMap:
|
|
|
|
|
data:
|
|
|
|
|
entrypoint.sh: |
|
2021-09-09 17:44:45 +00:00
|
|
|
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
|
2021-07-08 01:10:39 +00:00
|
|
|
loggers.xml: |
|
|
|
|
|
{{- readFile "loggers.xml" | nindent 6 }}
|
|
|
|
|
logback.xml: |
|
|
|
|
|
{{- readFile "../logs/logback.xml" | nindent 6 }}
|
|
|
|
|
fetchKeycloakPubkey: |
|
|
|
|
|
{{- readFile "../api-common/fetch-keycloak-pubkey.sh" | nindent 6 }}
|
|
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
- name: LOGBACK_SERVICE_NAME
|
|
|
|
|
value: "dark-api"
|
|
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
|
- name: config-volume
|
|
|
|
|
configMap:
|
|
|
|
|
name: {{ .Release.Name }}
|
|
|
|
|
defaultMode: 0755
|
|
|
|
|
- name: keycloak-pubkey
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: config-volume
|
|
|
|
|
mountPath: /opt/dark-api/entrypoint.sh
|
|
|
|
|
subPath: entrypoint.sh
|
|
|
|
|
readOnly: true
|
|
|
|
|
- name: config-volume
|
|
|
|
|
mountPath: /opt/dark-api/logback.xml
|
|
|
|
|
subPath: logback.xml
|
|
|
|
|
readOnly: true
|
|
|
|
|
- name: config-volume
|
|
|
|
|
mountPath: /opt/dark-api/loggers.xml
|
|
|
|
|
subPath: loggers.xml
|
|
|
|
|
readOnly: true
|
|
|
|
|
- name: keycloak-pubkey
|
|
|
|
|
mountPath: /var/lib/dark-api/keys/keycloak
|
|
|
|
|
readOnly: true
|
|
|
|
|
|
|
|
|
|
apiInitContainers:
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
service:
|
|
|
|
|
ports:
|
|
|
|
|
- name: api
|
|
|
|
|
port: 8080
|
|
|
|
|
- name: management
|
|
|
|
|
port: 8023
|
|
|
|
|
|
2021-09-09 17:44:45 +00:00
|
|
|
{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
|
|
|
|
|
{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}
|
|
|
|
|
|
2021-07-08 01:10:39 +00:00
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
|
|
|
|
annotations:
|
|
|
|
|
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
|
|
|
|
|
cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
|
|
|
|
|
{{- end }}
|
2021-09-09 17:44:45 +00:00
|
|
|
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST"
|
|
|
|
|
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
|
|
|
|
|
nginx.ingress.kubernetes.io/cors-allow-headers: "content-type,content-disposition,authorization,x-request-id"
|
|
|
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
more_set_headers "Access-Control-Allow-Origin: $http_origin";
|
2021-07-08 01:10:39 +00:00
|
|
|
kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
|
|
|
|
|
hosts:
|
2021-09-09 17:44:45 +00:00
|
|
|
- host: api.{{ $ingressDomain | default "rbk.dev" }}
|
2021-07-08 01:10:39 +00:00
|
|
|
paths:
|
|
|
|
|
- /dark-api
|
|
|
|
|
{{- if .Values.services.ingress.tls.enabled }}
|
|
|
|
|
tls:
|
|
|
|
|
{{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
|
2021-09-09 17:44:45 +00:00
|
|
|
- secretName: api-{{ .Values.services.ingress.tls.secretName }}
|
2021-07-08 01:10:39 +00:00
|
|
|
{{- else }}
|
|
|
|
|
- secretName: {{ .Values.services.ingress.tls.secretName }}
|
|
|
|
|
{{- end }}
|
|
|
|
|
hosts:
|
2021-09-09 17:44:45 +00:00
|
|
|
- api.{{ $ingressDomain | default "rbk.dev" }}
|
2021-07-08 01:10:39 +00:00
|
|
|
{{- end }}
|
|
|
|
|
servicePort: 8080
|
|
|
|
|
|
|
|
|
|
livenessProbe:
|
|
|
|
|
httpGet:
|
|
|
|
|
path: /actuator/health
|
|
|
|
|
port: management
|
|
|
|
|
|
|
|
|
|
readinessProbe:
|
|
|
|
|
httpGet:
|
|
|
|
|
path: /actuator/health
|
|
|
|
|
port: management
|
|
|
|
|
|
|
|
|
|
metrics:
|
|
|
|
|
serviceMonitor:
|
|
|
|
|
enabled: false
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
additionalLabels:
|
|
|
|
|
release: prometheus
|
|
|
|
|
endpoints:
|
|
|
|
|
- port: "management"
|
|
|
|
|
path: /actuator/prometheus
|
|
|
|
|
scheme: http
|
|
|
|
|
|
|
|
|
|
ciliumPolicies:
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: magista
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: claim-management
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: messages
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: questionary-aggr-proxy
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: questionary
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: file-storage
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: hellgate
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: cabi
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: dominant
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8022
|
|
|
|
|
type: TCP
|
|
|
|
|
name: dudoser
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
|
- filters:
|
|
|
|
|
- port: 8080
|
|
|
|
|
type: TCP
|
|
|
|
|
name: keycloak
|
|
|
|
|
namespace: {{ .Release.Namespace }}
|
