Public Information
This commit is contained in:
281
charts/nappl/templates/statefulset.tpl
Normal file
281
charts/nappl/templates/statefulset.tpl
Normal file
@@ -0,0 +1,281 @@
|
||||
{{- include "nplus.init" $ -}}
|
||||
# Component: {{ .component.chartName }}
|
||||
#
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ .component.fullName }}
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||
{{- include "nplus.annotations" . | nindent 4 }}
|
||||
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ .component.fullName }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||
{{- if not .Values.autoScale }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
podManagementPolicy: OrderedReady
|
||||
updateStrategy:
|
||||
type: {{ .Values.updateStrategy | default "OnDelete" }}
|
||||
minReadySeconds: 5
|
||||
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "nplus.templateLabels" . | nindent 8 }}
|
||||
ceyoniq.com/application-layer-cluster-name: "{{ .Release.Name }}"
|
||||
nplus/jobs: {{ .this.jobs | quote }}
|
||||
annotations:
|
||||
{{- include "nplus.templateAnnotations" . | nindent 8 }}
|
||||
{{- include "nplus.securityAnnotations" . | nindent 8 }}
|
||||
spec:
|
||||
{{- include "nplus.priorityClassName" . | nindent 6 }}
|
||||
{{- include "nplus.templateAffinity" . | nindent 6 }}
|
||||
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
||||
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
||||
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
||||
|
||||
{{- if eq ((semver .component.version) | (semver "9.1.1200").Compare) 1 }}
|
||||
serviceAccountName: {{ tpl .Values.kubePing.name . }}
|
||||
{{- else }}
|
||||
automountServiceAccountToken: false
|
||||
{{- end }}
|
||||
|
||||
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
|
||||
|
||||
initContainers:
|
||||
{{- include "nplus.waitFor" . | nindent 6 }}
|
||||
{{- include "nplus.copyConfig" . | nindent 6 }}
|
||||
|
||||
# 1. RMS / Administrator funktionieren nicht, wenn die service.conf nicht existiert.
|
||||
# Die darf leer sein, wird aber wohl vom Admin auf Anwesenheit geprüft.
|
||||
# 2. Man kann im Admin den NAPPL nicht hochfahren, wenn die dbUrl leer ist. Also füllen wir sie,
|
||||
# falls sie per ENV gesetzt wird.
|
||||
- name: make-rms-work
|
||||
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||
{{- include "nplus.initResources" . | nindent 8 }}
|
||||
command: [ "/bin/sh", "-c" ]
|
||||
args:
|
||||
- |
|
||||
echo "Touching service.conf"
|
||||
touch /mnt/conf/service.conf
|
||||
{{- if (.this.database).url }}
|
||||
echo "dbUrl is set per ENV to {{ (.this.database).url }}"
|
||||
echo "testing and patching templates/instance1.conf.template"
|
||||
test -f /mnt/conf/templates/instance1.conf.template \
|
||||
&& sed -i 's#^core.db.url=$#core.db.url={{ (.this.database).url }}#g' /mnt/conf/templates/instance1.conf.template \
|
||||
|| echo "/mnt/conf/templates/instance1.conf.template not found. Make sure you run copyconf first"
|
||||
echo "testing and patching instance1.conf"
|
||||
test -f /mnt/conf/instance1.conf \
|
||||
&& sed -i 's#^core.db.url=$#core.db.url={{ (.this.database).url }}#g' /mnt/conf/instance1.conf \
|
||||
|| echo "/mnt/conf/instance1.conf not found. This is ok, if it is the first start."
|
||||
echo "done."
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: conf
|
||||
subPath: {{ .component.storagePath | quote }}
|
||||
mountPath: /mnt/conf
|
||||
|
||||
containers:
|
||||
- name: application-layer
|
||||
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||
|
||||
env:
|
||||
{{- if (.this.ingress).domain }}
|
||||
# -- if you use SAML, it is important, that the Application Layer knows its external URL to be able
|
||||
# to redirect the SAML request correctly. So we provide it here:
|
||||
- name: SERVER_BASE_URL
|
||||
value: "https://{{ .this.ingress.domain }}"
|
||||
{{- end }}
|
||||
|
||||
# -- SAP SNC Values
|
||||
{{- if (.Values.snc).enabled }}
|
||||
- name: SECUDIR
|
||||
value: "/opt/snc"
|
||||
- name: SNC_LIB
|
||||
value: "/opt/snc/libsapcrypto.so"
|
||||
{{- else }}
|
||||
# there is no definition for .Values.snc, so no snc features are rendered
|
||||
{{- end }}
|
||||
# -- Instance Configuration Values
|
||||
- name: AL_APPENDER
|
||||
value: "stdout"
|
||||
|
||||
{{- if (.this.database).url }}
|
||||
# -- the database definition for the application layer is made within
|
||||
# the values file or command line settings. Another option would be
|
||||
# to leave out the database definition completely, then it would read
|
||||
# the definition from the config file
|
||||
- name: INSTANCE1_CORE_DB_DIALECT
|
||||
value: "{{ required "if database.Url is defined, .dialect is required" (.this.database).dialect }}"
|
||||
- name: INSTANCE1_CORE_DB_DRIVERCLASS
|
||||
value: "{{ required "if database.Url is defined, .driverclass is required" (.this.database).driverclass }}"
|
||||
- name: INSTANCE1_CORE_DB_URL
|
||||
value: "{{ tpl (required "if database.Url is defined, .url is required" (.this.database).url ) . }}"
|
||||
{{- if (.this.database).secret }}
|
||||
# -- username and password are taken from a secret
|
||||
- name: INSTANCE1_CORE_DB_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ (.this.database).secret }}
|
||||
key: account
|
||||
- name: INSTANCE1_CORE_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ (.this.database).secret }}
|
||||
key: password
|
||||
{{- else }}
|
||||
# -- username and password are taken from
|
||||
# the manifest. You should not do this in production
|
||||
# but rather define a secret for it.
|
||||
- name: INSTANCE1_CORE_DB_USERNAME
|
||||
value: {{ required "if database.Url is defined, .username (or Secret) is required" (.this.database).account | quote}}
|
||||
- name: INSTANCE1_CORE_DB_PASSWORD
|
||||
value: {{ required "if database.Url is defined, .password (or Secret) is required" (.this.database).password | quote }}
|
||||
{{- end }}
|
||||
- name: INSTANCE1_CORE_DB_PASSWORD_ENCODED
|
||||
value: {{ required "if database.Url is defined, .passwordEncoded is required to be true or false" (.this.database).passwordEncoded | quote }}
|
||||
- name: INSTANCE1_CORE_DB_PASSWORD_ENCODED_STRONG
|
||||
value: "false"
|
||||
- name: INSTANCE1_CORE_DB_SCHEMA
|
||||
value: {{ required "if database.Url is defined, .schema is required" (.this.database).schema | quote }}
|
||||
{{- else }}
|
||||
# there is no definition for the database, so no the database definition is left to be defined
|
||||
# at some other place (ENV Variables in Values File or NAPPL Config File)
|
||||
{{- end }}
|
||||
#
|
||||
# nappl Cluster-Settings. Should be the same for all potential cluster nodes,
|
||||
# including nappljobs and pipeliner core mode.
|
||||
#
|
||||
{{- if lt ((semver .component.version) | (semver "9.1.1200").Compare) 1 }}
|
||||
# Starting Version 9.1, we need to switch the cluster communication to
|
||||
# the new jgroups
|
||||
- name: INSTANCE1_CLUSTER_CORE_STACKTYPE
|
||||
value: "KUBERNETES"
|
||||
- name: INSTANCE1_JGROUPS_DNS_QUERY
|
||||
value: "{{ .component.prefix }}nappl-cluster"
|
||||
{{- else }}
|
||||
# Not generating INSTANCE1_CLUSTER_CORE_STACKTYPE into manifest, as this component
|
||||
# version is {{ .component.version }} so before 9.1.1200 when the new jGroups was
|
||||
# deployed.
|
||||
{{- end }}
|
||||
|
||||
- name: INSTANCE1_CLUSTER_CORE_CLUSTER_ID
|
||||
value: "{{ .Release.Namespace }}_{{ .Release.Name }}"
|
||||
- name: INSTANCE1_CLUSTER_CORE_NAME
|
||||
value: "{{ .Release.Namespace }}_{{ .Release.Name }}"
|
||||
- name: INSTANCE1_CLUSTER_CORE_DESCRIPTION
|
||||
value: "{{ .Release.Name }} Cluster in {{ .Release.Namespace }} namespace"
|
||||
|
||||
# -- Jobs
|
||||
{{- if .Values.jobs }}
|
||||
# This is a cluster member that is allowed to run jobs, so no changes to the default behaviour
|
||||
{{- else }}
|
||||
# These cluster members should not run jobs, only if necessary
|
||||
- name: INSTANCE1_CLUSTER_CORE_JOB_COORDINATOR_PRIORITY
|
||||
value: "0"
|
||||
{{- end }}
|
||||
# -- # Session Settings
|
||||
{{- if .Values.disableSessionReplication }}
|
||||
- name: INSTANCE1_CORE_CLUSTER_SESSION_REPLICATION_DISABLE
|
||||
value: {{ .Values.disableSessionReplication | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.sessionCacheStorageType }}
|
||||
- name: SESSION_CACHE_STORAGE_TYPE
|
||||
value: {{ .Values.sessionCacheStorageType | quote }}
|
||||
{{- end }}
|
||||
|
||||
# TODO: Muss das hier nun rein oder raus?
|
||||
#
|
||||
# In der nscalealinst1.conf steht dazu:
|
||||
# Fulltext index mirror localcache, (on|off) default off
|
||||
# Instructs the server to write the fulltext index on the local
|
||||
# file system if set to on.
|
||||
# It is recommended to set index.mirror.localcache to on when activating
|
||||
# fulltext for repository or workflow, because this will
|
||||
# increase the fulltext search performance significantly (see public documentation
|
||||
# to get information about needed harddisk space).
|
||||
# The pipeliner has to set this parameter to off.
|
||||
#
|
||||
# - name: INSTANCE1_CORE_FULLTEST_INDEX_MIRROR_LOCALCACHE
|
||||
# value: "off"
|
||||
|
||||
- name: METRICS_ALLOW_REMOTE_REQUESTS
|
||||
value: "true"
|
||||
|
||||
- name: KUBERNETES_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
|
||||
{{- include "nplus.appDynamicsEnv" . | nindent 10 }}
|
||||
|
||||
{{- include "nplus.environment" . | nindent 8 }}
|
||||
|
||||
{{- if .this.utils.maintenance }}
|
||||
{{- include "nplus.idle" . | nindent 8 }}
|
||||
{{- else }}
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /jmx/status
|
||||
port: {{ include "nplus.backendPort" . }}
|
||||
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||
initialDelaySeconds: 30
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /jmx/status
|
||||
port: {{ include "nplus.backendPort" . }}
|
||||
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /jmx/status
|
||||
port: {{ include "nplus.backendPort" . }}
|
||||
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||
periodSeconds: 60
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 10
|
||||
{{- end }}
|
||||
|
||||
ports:
|
||||
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
|
||||
|
||||
{{- include "nplus.resources" . | nindent 8 }}
|
||||
|
||||
volumeMounts:
|
||||
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
||||
|
||||
{{- if (.Values.snc).enabled }}
|
||||
- name: conf
|
||||
subPath: "pool/snc"
|
||||
mountPath: "/opt/snc"
|
||||
- name: conf
|
||||
subPath: "pool/snc/libsapcrypto.so"
|
||||
mountPath: "/opt/ceyoniq/nscale-server/application-layer/lib/libsapcrypto.so"
|
||||
- name: conf
|
||||
subPath: "pool/snc/sapjco3.jar"
|
||||
mountPath: "/opt/ceyoniq/nscale-server/application-layer/lib/sapjco3.jar"
|
||||
- name: conf
|
||||
subPath: "pool/snc/libsapjco3.so"
|
||||
mountPath: "/opt/ceyoniq/nscale-server/application-layer/lib/libsapjco3.so"
|
||||
{{- end }}
|
||||
|
||||
volumes:
|
||||
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
||||
Reference in New Issue
Block a user