{{- include "nplus.init" $ -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ .component.fullName }} {{- if .this.utils.includeNamespace }} namespace: {{ .Release.Namespace }} {{- end }} labels: {{- include "nplus.instanceLabels" . | nindent 4 }} annotations: {{- include "nplus.argoWave" . | nindent 4 }} {{- include "nplus.annotations" . | nindent 4 }} {{- include "nplus.securityAnnotations" . | nindent 4 }} spec: selector: matchLabels: {{- include "nplus.selectorLabels" . | nindent 6 }} {{- if not .Values.autoScale }} replicas: {{ .Values.replicaCount }} {{- end }} strategy: type: {{ .Values.updateStrategy | default "RollingUpdate" }} template: metadata: labels: {{- include "nplus.templateLabels" . | nindent 8 }} annotations: {{- include "nplus.templateAnnotations" . | nindent 8 }} {{- include "nplus.securityAnnotations" . | nindent 8 }} spec: {{- include "nplus.imagePullSecrets" . | nindent 6 }} {{- include "nplus.podSecurityContext" . | nindent 6 }} {{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }} {{- include "nplus.templateAffinity" . | nindent 6 }} {{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }} initContainers: {{- include "nplus.waitFor" . | nindent 6 }} {{- include "nplus.copyConfig" . | nindent 6 }} # nscale Web does not enable tls / https by default. # TODO: observe ITSMSD-8772 # So we need to perform the steps described in the manual to enable it. # We will do this, if this is a new installation (and the keystore does not exist yet) - name: enable-https image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }} imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }} {{- include "nplus.containerSecurityContext" . | nindent 8 }} {{- include "nplus.initResources" . | nindent 8 }} command: [ "/bin/sh", "-c" ] args: - | set -e KEYSTORE="/mnt/conf/keystore.jks" KEYPASS="changeit" if [ ! -f "$KEYSTORE" ]; then echo "Creating input for keytool" cat << EOM > /tmp/keyinput $KEYPASS $KEYPASS {{ .this.ingress.domain }} Development Department 42i GmbH Bad Lippspringe NRW DE yes EOM echo "Creating Keystore at $KEYSTORE using $KEYTOOL" keytool -genkeypair -alias tomcat -keyalg RSA -keystore $KEYSTORE < /tmp/keyinput else echo "Keystore at $KEYSTORE already exists. Leaving as is." fi echo "Done." volumeMounts: - name: conf subPath: {{ .component.storagePath | quote }} mountPath: /mnt/conf - name: temp mountPath: /tmp containers: - name: web-client image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }} imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }} {{- include "nplus.containerSecurityContext" . | nindent 8 }} env: {{- if ($.this.nappl).host }} - name: NSCALE_HOST value: {{ ($.this.nappl).host | quote }} {{- end }} {{- if ($.this.nappl).port }} - name: NSCALE_PORT value: {{ ($.this.nappl).port | quote }} {{- end }} {{- if ($.this.nappl).ssl }} - name: NSCALE_SSL value: {{ ($.this.nappl).ssl | quote }} {{- end }} {{- if ($.this.nappl).instance }} - name: NSCALE_INSTANCE value: {{ ($.this.nappl).instance | quote }} {{- end }} - name: LOG4JCONFIGLOCATION value: "../conf/log4j/nscale_stdout_log_conf.xml" {{- if .Values.metamodelMode }} - name: REFRESH_METAMODEL_MODE value: {{ .Values.metamodelMode | quote }} {{- end }} {{- if .Values.sameSite }} - name: NSACLE_SAMESITE value: {{ .Values.sameSite | quote }} {{- end }} {{- if .Values.disableUsernamePassword }} - name: NSCALE_DISABLEUSERNAMEPASSWORD value: {{ .Values.disableUsernamePassword | quote }} {{- end }} {{- if .Values.oauthDomains }} - name: NSCALE_OAUTH_DOMAINS value: {{ .Values.oauthDomains | quote }} {{- end }} {{- if .Values.samlDomains }} - name: NSCALE_SAML_DOMAINS value: {{ .Values.samlDomains | quote }} {{- end }} {{- if .Values.immediateFederatedLogin }} - name: NSCALE_IMMEDIATE_FEDERATED_LOGIN value: {{ .Values.immediateFederatedLogin | quote }} {{- end }} {{- if .Values.samlDomains }} - name: NSCALE_ENABLE_SAML value: {{ if .Values.samlDomains }}"true"{{ else }}"false"{{ end }} {{- end }} {{- if .Values.oauthDomains }} - name: NSCALE_ENABLE_OAUTH value: {{ if .Values.oauthDomains }}"true"{{ else }}"false"{{ end }} {{- end }} {{- if .Values.authType }} - name: NSCALE_AUTHTYPE value: {{ .Values.authType | quote }} {{- end }} {{- if .Values.authType }} - name: NSCALE_SMART_CROSSGRADE value: {{ .Values.smartCrossgrade | quote }} {{- end }} {{- if .Values.customizingMode }} - name: NSCALE_CUSTOMIZINGMODE value: {{ if .Values.customizingMode }}"true"{{ else }}"false"{{ end }} {{- end }} {{ include "nplus.appDynamicsEnv" . | nindent 10 }} {{- include "nplus.environment" . | nindent 8 }} {{- if .this.utils.maintenance }} {{- include "nplus.idle" . | nindent 8 }} {{- else }} startupProbe: httpGet: path: /nscale_web/systemConfiguration.xml port: {{ include "nplus.backendPort" . }} scheme: {{ include "nplus.backendProtocol" . | upper }} initialDelaySeconds: 10 failureThreshold: 30 periodSeconds: 10 timeoutSeconds: 5 livenessProbe: httpGet: path: /nscale_web/systemConfiguration.xml port: {{ include "nplus.backendPort" . }} scheme: {{ include "nplus.backendProtocol" . | upper }} periodSeconds: 10 timeoutSeconds: 2 readinessProbe: httpGet: path: /nscale_web/systemConfiguration.xml port: {{ include "nplus.backendPort" . }} scheme: {{ include "nplus.backendProtocol" . | upper }} periodSeconds: 10 timeoutSeconds: 2 {{- end }} ports: {{- include "nplus.defaultContainerPorts" . | nindent 8 }} {{- include "nplus.resources" . | nindent 8 }} volumeMounts: {{- include "nplus.defaultMounts" . | nindent 8 }} volumes: {{- include "nplus.defaultVolumes" . | nindent 6 }}