helmsdeep/config/dark-api/values.yaml.gotmpl

# -*- mode: yaml -*-

replicaCount: 1

image:
  repository: docker.io/rbkmoney/dark-api
  tag: 933d0b9506ba312d69dfd46c5432ced36e3fce64
  pullPolicy: IfNotPresent

runopts:
  command: ["/opt/dark-api/entrypoint.sh"]

configMap:
  data:
    entrypoint.sh: |
      {{- tpl  (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}      
    loggers.xml: |
      {{- readFile "loggers.xml" | nindent 6 }}      
    logback.xml: |
      {{- readFile "../logs/logback.xml" | nindent 6 }}      
    fetchKeycloakPubkey: |
      {{- readFile "../api-common/fetch-keycloak-pubkey.sh" | nindent 6 }}      

env:
  - name: LOGBACK_SERVICE_NAME
    value: "dark-api"

volumes:
  - name: config-volume
    configMap:
      name: {{ .Release.Name }}
      defaultMode: 0755
  - name: keycloak-pubkey
    emptyDir: {}

volumeMounts:
  - name: config-volume
    mountPath: /opt/dark-api/entrypoint.sh
    subPath: entrypoint.sh
    readOnly: true
  - name: config-volume
    mountPath: /opt/dark-api/logback.xml
    subPath: logback.xml
    readOnly: true
  - name: config-volume
    mountPath: /opt/dark-api/loggers.xml
    subPath: loggers.xml
    readOnly: true
  - name: keycloak-pubkey
    mountPath: /var/lib/dark-api/keys/keycloak
    readOnly: true

apiInitContainers:
  enabled: true

service:
  ports:
    - name: api
      port: 8080
    - name: management
      port: 8023

{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}

ingress:
  enabled: true
  annotations:
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
    cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
{{- end }}
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "content-type,content-disposition,authorization,x-request-id"
    nginx.ingress.kubernetes.io/configuration-snippet: |
       more_set_headers "Access-Control-Allow-Origin: $http_origin";       
    kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
  hosts:
    - host: api.{{ $ingressDomain | default "rbk.dev" }}
      paths:
        - /dark-api
{{- if .Values.services.ingress.tls.enabled }}
  tls:
  {{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
    - secretName: api-{{ .Values.services.ingress.tls.secretName }}
  {{- else }}
    - secretName: {{ .Values.services.ingress.tls.secretName }}
  {{- end }}
      hosts:
        - api.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
  servicePort: 8080

livenessProbe:
  httpGet:
    path: /actuator/health
    port: management

readinessProbe:
  httpGet:
    path: /actuator/health
    port: management

metrics:
  serviceMonitor:
    enabled: false
    namespace: {{ .Release.Namespace }}
    additionalLabels:
      release: prometheus
    endpoints:
      - port: "management"
        path: /actuator/prometheus
        scheme: http

ciliumPolicies:
  - filters:
    - port: 8022
      type: TCP
    name: magista
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: claim-management
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: messages
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: questionary-aggr-proxy
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: questionary
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: file-storage
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: hellgate
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: cabi
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: dominant
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8022
      type: TCP
    name: dudoser
    namespace: {{ .Release.Namespace }}
  - filters:
    - port: 8080
      type: TCP
    name: keycloak
    namespace: {{ .Release.Namespace }}