public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Public Information

Browse Source
This commit is contained in:
Andreas Ahmann
2025-01-24 16:18:47 +01:00
commit 0bd2038c86
449 changed files with 108655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

422
charts/sharepoint/templates/statefulset.tpl Normal file
View File

@@ -0,0 +1,422 @@
{{- include "nplus.init" $ -}}
# Component: {{ .component.chartName }}
# will connect to:
{{- if (.this.nappl).host }}
# nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
{{- else }}
# defined by config file in conf PV.
{{- end }}
#
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ .component.fullName }}
{{- if .this.utils.includeNamespace }}
namespace: {{ .Release.Namespace }}
{{- end }}
labels:
{{- include "nplus.instanceLabels" . | nindent 4 }}
annotations:
{{- include "nplus.argoWave" . | nindent 4 }}
{{- include "nplus.annotations" . | nindent 4 }}
{{- include "nplus.securityAnnotations" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "nplus.selectorLabels" . | nindent 6 }}
replicas: {{ .Values.replicaCount }}
podManagementPolicy: OrderedReady
updateStrategy:
type: {{ .Values.updateStrategy | default "OnDelete" }}
minReadySeconds: 5
template:
metadata:
labels:
{{- include "nplus.templateLabels" . | nindent 8 }}
annotations:
{{- include "nplus.templateAnnotations" . | nindent 8 }}
{{- include "nplus.securityAnnotations" . | nindent 8 }}
spec:
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
{{- include "nplus.podSecurityContext" . | nindent 6 }}
{{- include "nplus.templateAffinity" . | nindent 6 }}
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
initContainers:
{{- include "nplus.waitFor" . | nindent 6 }}
{{- include "nplus.copyConfig" . | nindent 6 }}
containers:
- name: sharepoint-connector
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
{{- if .this.utils.maintenance }}
{{- include "nplus.idle" . | nindent 8 }}
{{- else }}
# -- Ceyoniq does currently not define an *official* startupProbe, so we use
# one that quickly checks the main socket on Layer 4.
startupProbe:
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
timeoutSeconds: 5
httpGet:
path: '/actuator/health/liveness'
port: {{ ($.this.management).port }}
livenessProbe:
httpGet:
path: '/actuator/health/liveness'
port: {{ ($.this.management).port }}
# initialDelaySeconds: 10
readinessProbe:
httpGet:
path: '/actuator/health/readiness'
port: {{ ($.this.management).port }}
# initialDelaySeconds: 10
{{- end }}
env:
# -- Management Port Settings, for Probes
{{- include "nplus.env" (dict
"MANAGEMENT_SERVER_PORT" ($.this.management).port
"MANAGEMENT_SERVER_SSL_ENABLED" ($.this.management).ssl
"MANAGEMENT_SECURITY_ENABLED" ($.this.management).security
) | nindent 10 }}
#
# Service Settings
#
- name: SERVER_SERVLET_CONTEXT_PATH
value: {{ .Values.ingress.contextPath | quote }}
- name: LOGGING_CONFIG
value: "/opt/ceyoniq/sharepoint-connector/conf/log4j2.xml"
{{- if ((.Values.ingress).ssl).keystore }}
- name: SERVER_SSL_KEYSTORE
value: {{ .Values.ingress.ssl.keystore | quote }}
{{- end }}
{{- if or (($.this.security).zeroTrust) (eq .Values.ingress.backendProtocol "https") }}
- name: SERVER_SSL_ENABLED
value: "true"
- name: SERVER_PORT
value: {{ (.this.meta).ports.https | quote }}
- name: SERVER_SSL_KEYALIAS
value: "https"
{{- if ((.Values.ingress).ssl).keystoreSecret }}
- name: SERVER_SSL_KEYSTOREPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.ingress.ssl.keystoreSecret }}
key: keystorePassword
- name: SERVER_SSL_KEYPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.ingress.ssl.keystoreSecret }}
key: keyPassword
{{- else }}
{{- if ((.Values.ingress).ssl).keystorePassword }}
- name: SERVER_SSL_KEYSTOREPASSWORD
value: {{ .Values.ingress.ssl.keystorePassword | quote }}
{{- end }}
{{- if ((.Values.ingress).ssl).keyPassword }}
- name: SERVER_SSL_KEYPASSWORD
value: {{ .Values.ingress.ssl.keyPassword | quote }}
{{- end }}
{{- end }}
{{- if ((.Values.ingress).ssl).keyAlias }}
- name: SERVER_SSL_KEYALIAS
value: {{ .Values.ingress.ssl.keyAlias | quote }}
{{- end }}
{{- else }}
- name: SERVER_SSL_ENABLED
value: "false"
- name: SERVER_PORT
value: {{ (.this.meta).ports.http | quote }}
{{- end }}
#
# NAPPL Settings
#
{{- if ($.this.nappl).host }}
- name: HOST
value: {{ ($.this.nappl).host | quote }}
{{- end }}
{{- if ($.this.nappl).port }}
- name: PORT
value: {{ ($.this.nappl).port | quote }}
- name: USESSL
value: "{{ if ($.this.nappl).ssl }}true{{- else -}}false{{- end -}}"
{{- end }}
{{- if ($.this.nappl).instance }}
- name: INSTANCE
value: {{ ($.this.nappl).instance | quote }}
{{- end }}
# -- setting the credentials for the technical user to access the application layer
{{- if ($.this.nappl).secret }}
# using a secret to get the functional nappl user for ILM
- name: NSCALEUSER
valueFrom:
secretKeyRef:
name: {{ ($.this.nappl).secret }}
key: account
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ ($.this.nappl).secret }}
key: password
- name: DOMAIN
valueFrom:
secretKeyRef:
name: {{ ($.this.nappl).secret }}
key: domain
{{- else }}
{{- if ($.this.nappl).account }}
# Account is defined in manifest. That is ok for dev environments, but you should
# switch to secrets for productive environments.
- name: NSCALEUSER
value: {{ ($.this.nappl).account }}
{{- else }}
# nappl user is not defined in manifest (and also no secret). Using the config file settings.
{{- end }}
{{- if ($.this.nappl).password }}
# The password is defined in manifest. That is ok for dev environments, but you should
# switch to secrets for productive environments.
- name: PASSWORD
value: {{ ($.this.nappl).password }}
{{- else }}
# nappl password is not defined in manifest (and also no secret). Using the config file settings.
{{- end }}
{{- if ($.this.nappl).domain }}
- name: DOMAIN
value: {{ ($.this.nappl).domain }}
{{- else }}
# nappl password is not defined in manifest (and also no secret). Using the config file settings.
{{- end }}
{{- end }}
{{- if (.Values.nappl).baseFolder }}
- name: BASEFOLDER
value: {{ .Values.nappl.baseFolder | quote }}
{{- end }}
{{- if (.Values.nappl).docArea }}
- name: DOCAREA
value: {{ .Values.nappl.docArea | quote }}
{{- end }}
#
# Service Settings
#
- name: DOINITIALCRAWL
value: {{ .Values.doInitialCrawl | quote }}
{{- if .Values.parallelRequests }}
- name: PARALLELREQUESTS
value: {{ .Values.parallelRequests | quote }}
{{- end }}
#
# O365 AZURE SharePoint Settings
#
{{- if (.Values.sharepoint).doCheckOut }}
- name: DOCHECKOUT
value: {{ .Values.sharepoint.doCheckOut | quote }}
{{- end }}
{{- if (.Values.sharepoint).spHost }}
- name: SPHOST
value: {{ .Values.sharepoint.spHost | quote }}
{{- end }}
{{- if (.Values.sharepoint).triggerProperty }}
- name: TRIGGERPROPERTY
value: {{ .Values.sharepoint.triggerProperty | quote }}
{{- end }}
{{- if (.Values.sharepoint).serviceBusQueueName }}
- name: SERVICEBUSQUEUENAME
value: {{ .Values.sharepoint.serviceBusQueueName | quote }}
{{- end }}
{{- if (.Values.sharepoint).serviceBusConnectionString }}
- name: SERVICEBUSCONNECTIONSTRING
value: {{ .Values.sharepoint.serviceBusConnectionString | quote }}
{{- end }}
{{- if (.Values.sharepoint).serviceBusRetentionConnectionString }}
- name: SERVICEBUSRETENTIONCONNECTIONSTRING
value: {{ .Values.sharepoint.serviceBusRetentionConnectionString | quote }}
{{- end }}
{{- if (.Values.sharepoint).serviceBusRetentionQueueName }}
- name: SERVICEBUSRETENTIONQUEUENAME
value: {{ .Values.sharepoint.serviceBusRetentionQueueName | quote }}
{{- end }}
{{- if (.Values.sharepoint).serviceBusTopicNameConfigUpdate }}
- name: SERVICEBUSTOPICNAMECONFIGUPDATE
value: {{ .Values.sharepoint.serviceBusTopicNameConfigUpdate | quote }}
{{- end }}
#
# O365 SharePoint Credentials
#
{{- if (.Values.sharepoint).secret }}
# using a secret to get the functional access to SharePoint
- name: TENANTID
valueFrom:
secretKeyRef:
name: {{ .Values.sharepoint.secret }}
key: tenantId
- name: CLIENTID
valueFrom:
secretKeyRef:
name: {{ .Values.sharepoint.secret }}
key: clientId
- name: WEBUSERPW
valueFrom:
secretKeyRef:
name: {{ .Values.sharepoint.secret }}
key: webUserPw
- name: CLIENTCERTPW
valueFrom:
secretKeyRef:
name: {{ .Values.sharepoint.secret }}
key: clientCertPw
{{- else }}
{{- if (.Values.sharepoint).tenantId }}
- name: TENANTID
value: {{ .Values.sharepoint.tenantId | quote }}
{{- end }}
{{- if (.Values.sharepoint).clientId }}
- name: CLIENTID
value: {{ .Values.sharepoint.clientId | quote }}
{{- end }}
{{- if (.Values.sharepoint).clientCertPw }}
- name: CLIENTCERTPW
value: {{ .Values.sharepoint.clientCertPw | quote }}
{{- end }}
{{- if (.Values.sharepoint).webUserPw }}
- name: WEBUSERPW
value: {{ .Values.sharepoint.webUserPw | quote }}
{{- end }}
{{- end }}
#
# nscale Connector Settings
#
{{- if (.Values.connector).sharePointCreatorPropertyName }}
- name: SHAREPOINTCREATORPROPERTYNAME
value: {{ .Values.connector.sharePointCreatorPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).sharePointCreatedPropertyName }}
- name: SHAREPOINTCREATEDPROPERTYNAME
value: {{ .Values.connector.sharePointCreatedPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).sharePointEditorPropertyName }}
- name: SHAREPOINTEDITORPROPERTYNAME
value: {{ .Values.connector.sharePointEditorPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).sharePointEditedPropertyName }}
- name: SHAREPOINTEDITEDPROPERTYNAME
value: {{ .Values.connector.sharePointEditedPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).sharePointChangeTokenPropertyName }}
- name: SHAREPOINTCHANGETOKENPROPERTYNAME
value: {{ .Values.connector.sharePointChangeTokenPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).idPropertyName }}
- name: IDPROPERTYNAME
value: {{ .Values.connector.idPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).stubIdPropertyName }}
- name: STUBIDPROPERTYNAME
value: {{ .Values.connector.stubIdPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).stubListItemIdPropertyName }}
- name: STUBLISTITEMIDPROPERTYNAME
value: {{ .Values.connector.stubListItemIdPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).parentIdPropertyName }}
- name: PARENTIDPROPERTYNAME
value: {{ .Values.connector.parentIdPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).cTagPropertyName }}
- name: CTAGPROPERTYNAME
value: {{ .Values.connector.cTagPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).eTagPropertyName }}
- name: ETAGPROPERTYNAME
value: {{ .Values.connector.eTagPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).webUrlPropertyName }}
- name: WEBURLPROPERTYNAME
value: {{ .Values.connector.webUrlPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).listItemIdPropertyName }}
- name: LISTITEMIDPROPERTYNAME
value: {{ .Values.connector.listItemIdPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).nscaleRetentionPropertyName }}
- name: NSCALERETENTIONPROPERTYNAME
value: {{ .Values.connector.nscaleRetentionPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).nscaleExpirationPropertyName }}
- name: NSCALEEXPIRATIONPROPERTYNAME
value: {{ .Values.connector.nscaleExpirationPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).nscaleLegalHoldPropertyName }}
- name: NSCALELEGALHOLDPROPERTYNAME
value: {{ .Values.connector.nscaleLegalHoldPropertyName | quote }}
{{- end }}
{{- if (.Values.connector).nscaleLegalHidePropertyName }}
- name: NSCALELEGALHIDEPROPERTYNAME
value: {{ .Values.connector.nscaleLegalHidePropertyName | quote }}
{{- end }}
{{- if (.Values.connector).nscaleGdprRelevantPropertyName }}
- name: NSCALEGDPRRELEVANTPROPERTYNAME
value: {{ .Values.connector.nscaleGdprRelevantPropertyName | quote }}
{{- end }}
{{- include "nplus.environment" . | nindent 8 }}
ports:
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
# -- Setting the management port for the probes to use
- name: management
containerPort: {{ required "setting the management port is required for the probes" ($.this.management).port }}
protocol: TCP
{{- include "nplus.resources" . | nindent 8 }}
volumeMounts:
{{- include "nplus.defaultMounts" . | nindent 8 }}
volumes:
{{- include "nplus.defaultVolumes" . | nindent 6 }}