helmsdeep/config/shumway/values.yaml.gotmpl

# -*- mode: yaml -*-

replicaCount: 1

image:
  repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/shumway
  tag: d5b74714437b1a1b11689a38297fd2a6c08e0db2
  pullPolicy: IfNotPresent

{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
  - name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}

runopts:
  command : ["/opt/shumway/entrypoint.sh"]

configMap:
  data:
    entrypoint.sh: |
      {{- readFile "entrypoint.sh" | nindent 6 }}      
    loggers.xml: |
      {{- readFile "loggers.xml" | nindent 6 }}      
    logback.xml: |
      {{- readFile "../logs/logback.xml" | nindent 6 }}      

{{- if or .Values.services.postgres.external }}
secret:
  data: 
    db_config: |
      spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/shumway?sslmode=disable
      spring.datasource.username={{ .Values.services.postgres.uniUser }}
      spring.datasource.password={{ .Values.services.postgres.uniPassword }}
      spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/shumway?sslmode=disable
      spring.flyway.user={{ .Values.services.postgres.uniUser }}
      spring.flyway.password={{ .Values.services.postgres.uniPassword }}
      spring.flyway.schemas=shm      
{{- end }}

volumes:
  - name: config-volume
    configMap:
      name: {{ .Release.Name }}
      defaultMode: 0755
{{- if or .Values.services.postgres.external }}
  - name: secret
    secret:
      secretName: {{ .Release.Name }}
{{- end }}

volumeMounts:
  - name: config-volume
    mountPath: /opt/shumway/entrypoint.sh
    subPath: entrypoint.sh
    readOnly: true
  - name: config-volume
    mountPath: /opt/shumway/logback.xml
    subPath: logback.xml
    readOnly: true
  - name: config-volume
    mountPath: /opt/shumway/loggers.xml
    subPath: loggers.xml
    readOnly: true
{{- if or .Values.services.postgres.external }}
  - name: secret
    subPath: db_config
    mountPath: /vault/secrets/application.properties
    readOnly: true
{{- end }}

service:
  type: ClusterIP
  ports:
    - name: api
      port: 8022
    - name: management
      port: 8023

livenessProbe:
  httpGet:
    path: /actuator/health
    port: management

readinessProbe:
  httpGet:
    path: /actuator/health
    port: management

{{- if .Values.services.vault.enabled }}
podAnnotations:
  vault.hashicorp.com/role: "db-app"
  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/agent-inject-secret-application.properties: "database/creds/db-app-shumway"
  vault.hashicorp.com/agent-inject-template-application.properties: |
    {{`{{- with secret "database/creds/db-app-shumway" -}}
    spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/shumway?sslmode=disable
    spring.datasource.username={{ .Data.username }}
    spring.datasource.password={{ .Data.password }}
    spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/shumway?sslmode=disable
    spring.flyway.user={{ .Data.username }}
    spring.flyway.password={{ .Data.password }}
    spring.flyway.schemas=shm
    {{- end }}`}}    
{{- end }}

metrics:
  serviceMonitor:
    enabled: {{ .Values.services.global.metrics.enabled }}
    namespace: {{ .Release.Namespace }}
    additionalLabels:
      release: prometheus
    endpoints:
      - port: "management"
        path: /actuator/prometheus
        scheme: http

ciliumPolicies:
  - filters:
    - port: 5432
      type: TCP
    name: postgres
  - filters:
    - port: 8200
      type: TCP
    name: vault