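{{- /*
  StatefulSet for the sharepoint-connector container.

  Context: "nplus.init" is included first; the template then reads .this
  and .component (presumably populated by that helper - confirm in the
  library chart) next to the regular .Values.

  Credential handling, in order of preference:
    * nappl user:       (.this.nappl).secret          -> secretKeyRef (account / password / domain)
    * TLS keystore:     .Values.ingress.ssl.keystoreSecret -> secretKeyRef (keystorePassword / keyPassword)
    * SharePoint app:   .Values.sharepoint.secret     -> secretKeyRef (tenantId / clientId / webUserPw / clientCertPw)
  Every plain-value fallback below ends up readable in the rendered manifest
  and in the pod spec, so it should be limited to development setups.
*/ -}}
{{- include "nplus.init" $ -}}
# Component: {{ .component.chartName }}
# will connect to:
{{- if (.this.nappl).host }}
#   nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
{{- else }}
#   defined by config file in conf PV.
{{- end }}
#
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ .component.fullName }}
  {{- if .this.utils.includeNamespace }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
    {{- include "nplus.instanceLabels" . | nindent 4 }}
  annotations:
    {{- include "nplus.argoWave" . | nindent 4 }}
    {{- include "nplus.annotations" . | nindent 4 }}
    {{- include "nplus.securityAnnotations" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "nplus.selectorLabels" . | nindent 6 }}
  replicas: {{ .Values.replicaCount }}
  podManagementPolicy: OrderedReady
  updateStrategy:
    # Falls back to OnDelete when .Values.updateStrategy is unset.
    type: {{ .Values.updateStrategy | default "OnDelete" }}
  minReadySeconds: 5
  template:
    metadata:
      labels:
        {{- include "nplus.templateLabels" . | nindent 8 }}
      annotations:
        {{- include "nplus.templateAnnotations" . | nindent 8 }}
        {{- include "nplus.securityAnnotations" . | nindent 8 }}
    spec:
      {{- include "nplus.imagePullSecrets" . | nindent 6 }}
      {{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
      {{- include "nplus.podSecurityContext" . | nindent 6 }}
      {{- include "nplus.templateAffinity" . | nindent 6 }}
      {{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
      initContainers:
      {{- include "nplus.waitFor" . | nindent 6 }}
      {{- include "nplus.copyConfig" . | nindent 6 }}
      containers:
      - name: sharepoint-connector
        image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
        imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
        {{- include "nplus.containerSecurityContext" . | nindent 8 }}
        {{- if .this.utils.maintenance }}
        {{- include "nplus.idle" . | nindent 8 }}
        {{- else }}
        # -- Ceyoniq does currently not define an *official* startupProbe, so we
        # reuse the actuator liveness endpoint on the management port (HTTP GET).
        # Start-up budget: failureThreshold x periodSeconds = 300s after the
        # initial delay.
        # NOTE(review): no probe sets `scheme`, so the kubelet probes over plain
        # HTTP. If ($.this.management).ssl turns TLS on for the management port,
        # the probes presumably need `scheme: HTTPS` - confirm.
        startupProbe:
          initialDelaySeconds: 10
          failureThreshold: 30
          periodSeconds: 10
          timeoutSeconds: 5
          httpGet:
            path: '/actuator/health/liveness'
            port: {{ ($.this.management).port }}
        livenessProbe:
          httpGet:
            path: '/actuator/health/liveness'
            port: {{ ($.this.management).port }}
          # initialDelaySeconds: 10
        readinessProbe:
          httpGet:
            path: '/actuator/health/readiness'
            port: {{ ($.this.management).port }}
          # initialDelaySeconds: 10
        {{- end }}
        env:
          # -- Management Port Settings, for Probes
          {{- include "nplus.env" (dict "MANAGEMENT_SERVER_PORT" ($.this.management).port "MANAGEMENT_SERVER_SSL_ENABLED" ($.this.management).ssl "MANAGEMENT_SECURITY_ENABLED" ($.this.management).security ) | nindent 10 }}
          #
          # Service Settings
          #
          - name: SERVER_SERVLET_CONTEXT_PATH
            value: {{ .Values.ingress.contextPath | quote }}
          - name: LOGGING_CONFIG
            value: "/opt/ceyoniq/sharepoint-connector/conf/log4j2.xml"
          {{- if ((.Values.ingress).ssl).keystore }}
          - name: SERVER_SSL_KEYSTORE
            value: {{ .Values.ingress.ssl.keystore | quote }}
          {{- end }}
          {{- if or (($.this.security).zeroTrust) (eq .Values.ingress.backendProtocol "https") }}
          # TLS on the service port: enforced by zeroTrust or requested through
          # ingress.backendProtocol=https.
          - name: SERVER_SSL_ENABLED
            value: "true"
          - name: SERVER_PORT
            value: {{ (.this.meta).ports.https | quote }}
          # Emitted exactly once: ingress.ssl.keyAlias when set, otherwise "https".
          # Listing the same env name twice relies on last-one-wins ordering.
          - name: SERVER_SSL_KEYALIAS
            value: {{ ((.Values.ingress).ssl).keyAlias | default "https" | quote }}
          {{- if ((.Values.ingress).ssl).keystoreSecret }}
          # keystore and key passwords are read from a secret
          - name: SERVER_SSL_KEYSTOREPASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ .Values.ingress.ssl.keystoreSecret | quote }}
                key: keystorePassword
          - name: SERVER_SSL_KEYPASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ .Values.ingress.ssl.keystoreSecret | quote }}
                key: keyPassword
          {{- else }}
          {{- if ((.Values.ingress).ssl).keystorePassword }}
          # The keystore password is defined in manifest. That is ok for dev environments,
          # but you should switch to ingress.ssl.keystoreSecret for productive environments.
          - name: SERVER_SSL_KEYSTOREPASSWORD
            value: {{ .Values.ingress.ssl.keystorePassword | quote }}
          {{- end }}
          {{- if ((.Values.ingress).ssl).keyPassword }}
          # The key password is defined in manifest. That is ok for dev environments,
          # but you should switch to ingress.ssl.keystoreSecret for productive environments.
          - name: SERVER_SSL_KEYPASSWORD
            value: {{ .Values.ingress.ssl.keyPassword | quote }}
          {{- end }}
          {{- end }}
          {{- else }}
          - name: SERVER_SSL_ENABLED
            value: "false"
          - name: SERVER_PORT
            value: {{ (.this.meta).ports.http | quote }}
          {{- end }}
          #
          # NAPPL Settings
          #
          {{- if ($.this.nappl).host }}
          - name: HOST
            value: {{ ($.this.nappl).host | quote }}
          {{- end }}
          {{- if ($.this.nappl).port }}
          - name: PORT
            value: {{ ($.this.nappl).port | quote }}
          - name: USESSL
            value: "{{ if ($.this.nappl).ssl }}true{{- else -}}false{{- end -}}"
          {{- end }}
          {{- if ($.this.nappl).instance }}
          - name: INSTANCE
            value: {{ ($.this.nappl).instance | quote }}
          {{- end }}
          # -- setting the credentials for the technical user to access the application layer
          {{- if ($.this.nappl).secret }}
          # using a secret to get the technical nappl user (account, password, domain)
          - name: NSCALEUSER
            valueFrom:
              secretKeyRef:
                name: {{ ($.this.nappl).secret | quote }}
                key: account
          - name: PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ ($.this.nappl).secret | quote }}
                key: password
          - name: DOMAIN
            valueFrom:
              secretKeyRef:
                name: {{ ($.this.nappl).secret | quote }}
                key: domain
          {{- else }}
          {{- if ($.this.nappl).account }}
          # Account is defined in manifest. That is ok for dev environments, but you should
          # switch to secrets for productive environments.
          # Quoted so that YAML indicators or number/boolean look-alikes in the
          # value cannot change its type or break the manifest.
          - name: NSCALEUSER
            value: {{ ($.this.nappl).account | quote }}
          {{- else }}
          # nappl user is not defined in manifest (and also no secret). Using the config file settings.
          {{- end }}
          {{- if ($.this.nappl).password }}
          # The password is defined in manifest. That is ok for dev environments, but you should
          # switch to secrets for productive environments.
          - name: PASSWORD
            value: {{ ($.this.nappl).password | quote }}
          {{- else }}
          # nappl password is not defined in manifest (and also no secret). Using the config file settings.
          {{- end }}
          {{- if ($.this.nappl).domain }}
          - name: DOMAIN
            value: {{ ($.this.nappl).domain | quote }}
          {{- else }}
          # nappl domain is not defined in manifest (and also no secret). Using the config file settings.
          {{- end }}
          {{- end }}
          {{- if (.Values.nappl).baseFolder }}
          - name: BASEFOLDER
            value: {{ .Values.nappl.baseFolder | quote }}
          {{- end }}
          {{- if (.Values.nappl).docArea }}
          - name: DOCAREA
            value: {{ .Values.nappl.docArea | quote }}
          {{- end }}
          #
          # Service Settings
          #
          - name: DOINITIALCRAWL
            value: {{ .Values.doInitialCrawl | quote }}
          {{- if .Values.parallelRequests }}
          - name: PARALLELREQUESTS
            value: {{ .Values.parallelRequests | quote }}
          {{- end }}
          #
          # O365 AZURE SharePoint Settings
          #
          {{- if (.Values.sharepoint).doCheckOut }}
          - name: DOCHECKOUT
            value: {{ .Values.sharepoint.doCheckOut | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).spHost }}
          - name: SPHOST
            value: {{ .Values.sharepoint.spHost | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).triggerProperty }}
          - name: TRIGGERPROPERTY
            value: {{ .Values.sharepoint.triggerProperty | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).serviceBusQueueName }}
          - name: SERVICEBUSQUEUENAME
            value: {{ .Values.sharepoint.serviceBusQueueName | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).serviceBusConnectionString }}
          # NOTE(review): the connection string is taken from values and written in
          # plain text into the pod spec. Service Bus connection strings normally
          # embed an access key, and this template offers no secretKeyRef path for
          # it - handle the values file and the rendered manifest as secret material.
          - name: SERVICEBUSCONNECTIONSTRING
            value: {{ .Values.sharepoint.serviceBusConnectionString | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).serviceBusRetentionConnectionString }}
          # NOTE(review): plain-text connection string, same exposure as
          # SERVICEBUSCONNECTIONSTRING.
          - name: SERVICEBUSRETENTIONCONNECTIONSTRING
            value: {{ .Values.sharepoint.serviceBusRetentionConnectionString | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).serviceBusRetentionQueueName }}
          - name: SERVICEBUSRETENTIONQUEUENAME
            value: {{ .Values.sharepoint.serviceBusRetentionQueueName | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).serviceBusTopicNameConfigUpdate }}
          - name: SERVICEBUSTOPICNAMECONFIGUPDATE
            value: {{ .Values.sharepoint.serviceBusTopicNameConfigUpdate | quote }}
          {{- end }}
          #
          # O365 SharePoint Credentials
          #
          {{- if (.Values.sharepoint).secret }}
          # using a secret to get the functional access to SharePoint
          - name: TENANTID
            valueFrom:
              secretKeyRef:
                name: {{ .Values.sharepoint.secret | quote }}
                key: tenantId
          - name: CLIENTID
            valueFrom:
              secretKeyRef:
                name: {{ .Values.sharepoint.secret | quote }}
                key: clientId
          - name: WEBUSERPW
            valueFrom:
              secretKeyRef:
                name: {{ .Values.sharepoint.secret | quote }}
                key: webUserPw
          - name: CLIENTCERTPW
            valueFrom:
              secretKeyRef:
                name: {{ .Values.sharepoint.secret | quote }}
                key: clientCertPw
          {{- else }}
          # SharePoint credentials are defined in manifest. That is ok for dev environments,
          # but you should switch to sharepoint.secret for productive environments.
          {{- if (.Values.sharepoint).tenantId }}
          - name: TENANTID
            value: {{ .Values.sharepoint.tenantId | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).clientId }}
          - name: CLIENTID
            value: {{ .Values.sharepoint.clientId | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).clientCertPw }}
          - name: CLIENTCERTPW
            value: {{ .Values.sharepoint.clientCertPw | quote }}
          {{- end }}
          {{- if (.Values.sharepoint).webUserPw }}
          - name: WEBUSERPW
            value: {{ .Values.sharepoint.webUserPw | quote }}
          {{- end }}
          {{- end }}
          #
          # nscale Connector Settings
          #
          {{- if (.Values.connector).sharePointCreatorPropertyName }}
          - name: SHAREPOINTCREATORPROPERTYNAME
            value: {{ .Values.connector.sharePointCreatorPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).sharePointCreatedPropertyName }}
          - name: SHAREPOINTCREATEDPROPERTYNAME
            value: {{ .Values.connector.sharePointCreatedPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).sharePointEditorPropertyName }}
          - name: SHAREPOINTEDITORPROPERTYNAME
            value: {{ .Values.connector.sharePointEditorPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).sharePointEditedPropertyName }}
          - name: SHAREPOINTEDITEDPROPERTYNAME
            value: {{ .Values.connector.sharePointEditedPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).sharePointChangeTokenPropertyName }}
          - name: SHAREPOINTCHANGETOKENPROPERTYNAME
            value: {{ .Values.connector.sharePointChangeTokenPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).idPropertyName }}
          - name: IDPROPERTYNAME
            value: {{ .Values.connector.idPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).stubIdPropertyName }}
          - name: STUBIDPROPERTYNAME
            value: {{ .Values.connector.stubIdPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).stubListItemIdPropertyName }}
          - name: STUBLISTITEMIDPROPERTYNAME
            value: {{ .Values.connector.stubListItemIdPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).parentIdPropertyName }}
          - name: PARENTIDPROPERTYNAME
            value: {{ .Values.connector.parentIdPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).cTagPropertyName }}
          - name: CTAGPROPERTYNAME
            value: {{ .Values.connector.cTagPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).eTagPropertyName }}
          - name: ETAGPROPERTYNAME
            value: {{ .Values.connector.eTagPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).webUrlPropertyName }}
          - name: WEBURLPROPERTYNAME
            value: {{ .Values.connector.webUrlPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).listItemIdPropertyName }}
          - name: LISTITEMIDPROPERTYNAME
            value: {{ .Values.connector.listItemIdPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).nscaleRetentionPropertyName }}
          - name: NSCALERETENTIONPROPERTYNAME
            value: {{ .Values.connector.nscaleRetentionPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).nscaleExpirationPropertyName }}
          - name: NSCALEEXPIRATIONPROPERTYNAME
            value: {{ .Values.connector.nscaleExpirationPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).nscaleLegalHoldPropertyName }}
          - name: NSCALELEGALHOLDPROPERTYNAME
            value: {{ .Values.connector.nscaleLegalHoldPropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).nscaleLegalHidePropertyName }}
          - name: NSCALELEGALHIDEPROPERTYNAME
            value: {{ .Values.connector.nscaleLegalHidePropertyName | quote }}
          {{- end }}
          {{- if (.Values.connector).nscaleGdprRelevantPropertyName }}
          - name: NSCALEGDPRRELEVANTPROPERTYNAME
            value: {{ .Values.connector.nscaleGdprRelevantPropertyName | quote }}
          {{- end }}
        {{- include "nplus.environment" . | nindent 8 }}
        ports:
        {{- include "nplus.defaultContainerPorts" . | nindent 8 }}
        # -- Setting the management port for the probes to use
        - name: management
          containerPort: {{ required "setting the management port is required for the probes" ($.this.management).port }}
          protocol: TCP
        {{- include "nplus.resources" . | nindent 8 }}
        volumeMounts:
        {{- include "nplus.defaultMounts" . | nindent 8 }}
      volumes:
      {{- include "nplus.defaultVolumes" . | nindent 6 }}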