423 lines
16 KiB
Smarty
423 lines
16 KiB
Smarty
{{- include "nplus.init" $ -}}
|
|
# Component: {{ .component.chartName }}
|
|
# will connect to:
|
|
{{- if (.this.nappl).host }}
|
|
# nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
|
|
{{- else }}
|
|
# defined by config file in conf PV.
|
|
{{- end }}
|
|
#
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: {{ .component.fullName }}
|
|
{{- if .this.utils.includeNamespace }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
|
annotations:
|
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
|
{{- include "nplus.annotations" . | nindent 4 }}
|
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
|
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
podManagementPolicy: OrderedReady
|
|
updateStrategy:
|
|
type: {{ .Values.updateStrategy | default "OnDelete" }}
|
|
minReadySeconds: 5
|
|
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "nplus.templateLabels" . | nindent 8 }}
|
|
annotations:
|
|
{{- include "nplus.templateAnnotations" . | nindent 8 }}
|
|
{{- include "nplus.securityAnnotations" . | nindent 8 }}
|
|
spec:
|
|
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
|
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
|
|
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
|
{{- include "nplus.templateAffinity" . | nindent 6 }}
|
|
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
|
|
|
initContainers:
|
|
{{- include "nplus.waitFor" . | nindent 6 }}
|
|
{{- include "nplus.copyConfig" . | nindent 6 }}
|
|
|
|
containers:
|
|
- name: sharepoint-connector
|
|
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
|
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
|
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
|
|
|
{{- if .this.utils.maintenance }}
|
|
{{- include "nplus.idle" . | nindent 8 }}
|
|
{{- else }}
|
|
# -- Ceyoniq does currently not define an *official* startupProbe, so we use
|
|
# one that quickly checks the main socket on Layer 4.
|
|
startupProbe:
|
|
initialDelaySeconds: 10
|
|
failureThreshold: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
httpGet:
|
|
path: '/actuator/health/liveness'
|
|
port: {{ ($.this.management).port }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: '/actuator/health/liveness'
|
|
port: {{ ($.this.management).port }}
|
|
# initialDelaySeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: '/actuator/health/readiness'
|
|
port: {{ ($.this.management).port }}
|
|
# initialDelaySeconds: 10
|
|
{{- end }}
|
|
|
|
env:
|
|
|
|
# -- Management Port Settings, for Probes
|
|
{{- include "nplus.env" (dict
|
|
"MANAGEMENT_SERVER_PORT" ($.this.management).port
|
|
"MANAGEMENT_SERVER_SSL_ENABLED" ($.this.management).ssl
|
|
"MANAGEMENT_SECURITY_ENABLED" ($.this.management).security
|
|
) | nindent 10 }}
|
|
|
|
#
|
|
# Service Settings
|
|
#
|
|
|
|
- name: SERVER_SERVLET_CONTEXT_PATH
|
|
value: {{ .Values.ingress.contextPath | quote }}
|
|
|
|
- name: LOGGING_CONFIG
|
|
value: "/opt/ceyoniq/sharepoint-connector/conf/log4j2.xml"
|
|
|
|
{{- if ((.Values.ingress).ssl).keystore }}
|
|
- name: SERVER_SSL_KEYSTORE
|
|
value: {{ .Values.ingress.ssl.keystore | quote }}
|
|
{{- end }}
|
|
|
|
{{- if or (($.this.security).zeroTrust) (eq .Values.ingress.backendProtocol "https") }}
|
|
- name: SERVER_SSL_ENABLED
|
|
value: "true"
|
|
- name: SERVER_PORT
|
|
value: {{ (.this.meta).ports.https | quote }}
|
|
- name: SERVER_SSL_KEYALIAS
|
|
value: "https"
|
|
|
|
{{- if ((.Values.ingress).ssl).keystoreSecret }}
|
|
|
|
- name: SERVER_SSL_KEYSTOREPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.ingress.ssl.keystoreSecret }}
|
|
key: keystorePassword
|
|
|
|
- name: SERVER_SSL_KEYPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.ingress.ssl.keystoreSecret }}
|
|
key: keyPassword
|
|
|
|
{{- else }}
|
|
|
|
{{- if ((.Values.ingress).ssl).keystorePassword }}
|
|
- name: SERVER_SSL_KEYSTOREPASSWORD
|
|
value: {{ .Values.ingress.ssl.keystorePassword | quote }}
|
|
{{- end }}
|
|
{{- if ((.Values.ingress).ssl).keyPassword }}
|
|
- name: SERVER_SSL_KEYPASSWORD
|
|
value: {{ .Values.ingress.ssl.keyPassword | quote }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
|
|
{{- if ((.Values.ingress).ssl).keyAlias }}
|
|
- name: SERVER_SSL_KEYALIAS
|
|
value: {{ .Values.ingress.ssl.keyAlias | quote }}
|
|
{{- end }}
|
|
|
|
{{- else }}
|
|
- name: SERVER_SSL_ENABLED
|
|
value: "false"
|
|
- name: SERVER_PORT
|
|
value: {{ (.this.meta).ports.http | quote }}
|
|
{{- end }}
|
|
|
|
#
|
|
# NAPPL Settings
|
|
#
|
|
|
|
{{- if ($.this.nappl).host }}
|
|
- name: HOST
|
|
value: {{ ($.this.nappl).host | quote }}
|
|
{{- end }}
|
|
{{- if ($.this.nappl).port }}
|
|
- name: PORT
|
|
value: {{ ($.this.nappl).port | quote }}
|
|
- name: USESSL
|
|
value: "{{ if ($.this.nappl).ssl }}true{{- else -}}false{{- end -}}"
|
|
{{- end }}
|
|
{{- if ($.this.nappl).instance }}
|
|
- name: INSTANCE
|
|
value: {{ ($.this.nappl).instance | quote }}
|
|
{{- end }}
|
|
|
|
# -- setting the credentials for the technical user to access the application layer
|
|
{{- if ($.this.nappl).secret }}
|
|
# using a secret to get the functional nappl user for ILM
|
|
- name: NSCALEUSER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ ($.this.nappl).secret }}
|
|
key: account
|
|
- name: PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ ($.this.nappl).secret }}
|
|
key: password
|
|
- name: DOMAIN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ ($.this.nappl).secret }}
|
|
key: domain
|
|
|
|
{{- else }}
|
|
|
|
{{- if ($.this.nappl).account }}
|
|
# Account is defined in manifest. That is ok for dev environments, but you should
|
|
# switch to secrets for productive environments.
|
|
- name: NSCALEUSER
|
|
value: {{ ($.this.nappl).account }}
|
|
{{- else }}
|
|
# nappl user is not defined in manifest (and also no secret). Using the config file settings.
|
|
{{- end }}
|
|
|
|
{{- if ($.this.nappl).password }}
|
|
# The password is defined in manifest. That is ok for dev environments, but you should
|
|
# switch to secrets for productive environments.
|
|
- name: PASSWORD
|
|
value: {{ ($.this.nappl).password }}
|
|
{{- else }}
|
|
# nappl password is not defined in manifest (and also no secret). Using the config file settings.
|
|
{{- end }}
|
|
|
|
{{- if ($.this.nappl).domain }}
|
|
- name: DOMAIN
|
|
value: {{ ($.this.nappl).domain }}
|
|
{{- else }}
|
|
# nappl password is not defined in manifest (and also no secret). Using the config file settings.
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
|
|
{{- if (.Values.nappl).baseFolder }}
|
|
- name: BASEFOLDER
|
|
value: {{ .Values.nappl.baseFolder | quote }}
|
|
{{- end }}
|
|
|
|
{{- if (.Values.nappl).docArea }}
|
|
- name: DOCAREA
|
|
value: {{ .Values.nappl.docArea | quote }}
|
|
{{- end }}
|
|
|
|
#
|
|
# Service Settings
|
|
#
|
|
- name: DOINITIALCRAWL
|
|
value: {{ .Values.doInitialCrawl | quote }}
|
|
|
|
{{- if .Values.parallelRequests }}
|
|
- name: PARALLELREQUESTS
|
|
value: {{ .Values.parallelRequests | quote }}
|
|
{{- end }}
|
|
|
|
|
|
#
|
|
# O365 AZURE SharePoint Settings
|
|
#
|
|
{{- if (.Values.sharepoint).doCheckOut }}
|
|
- name: DOCHECKOUT
|
|
value: {{ .Values.sharepoint.doCheckOut | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).spHost }}
|
|
- name: SPHOST
|
|
value: {{ .Values.sharepoint.spHost | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).triggerProperty }}
|
|
- name: TRIGGERPROPERTY
|
|
value: {{ .Values.sharepoint.triggerProperty | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).serviceBusQueueName }}
|
|
- name: SERVICEBUSQUEUENAME
|
|
value: {{ .Values.sharepoint.serviceBusQueueName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).serviceBusConnectionString }}
|
|
- name: SERVICEBUSCONNECTIONSTRING
|
|
value: {{ .Values.sharepoint.serviceBusConnectionString | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).serviceBusRetentionConnectionString }}
|
|
- name: SERVICEBUSRETENTIONCONNECTIONSTRING
|
|
value: {{ .Values.sharepoint.serviceBusRetentionConnectionString | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).serviceBusRetentionQueueName }}
|
|
- name: SERVICEBUSRETENTIONQUEUENAME
|
|
value: {{ .Values.sharepoint.serviceBusRetentionQueueName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).serviceBusTopicNameConfigUpdate }}
|
|
- name: SERVICEBUSTOPICNAMECONFIGUPDATE
|
|
value: {{ .Values.sharepoint.serviceBusTopicNameConfigUpdate | quote }}
|
|
{{- end }}
|
|
|
|
#
|
|
# O365 SharePoint Credentials
|
|
#
|
|
{{- if (.Values.sharepoint).secret }}
|
|
# using a secret to get the functional access to SharePoint
|
|
- name: TENANTID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.sharepoint.secret }}
|
|
key: tenantId
|
|
- name: CLIENTID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.sharepoint.secret }}
|
|
key: clientId
|
|
- name: WEBUSERPW
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.sharepoint.secret }}
|
|
key: webUserPw
|
|
- name: CLIENTCERTPW
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.sharepoint.secret }}
|
|
key: clientCertPw
|
|
|
|
{{- else }}
|
|
|
|
{{- if (.Values.sharepoint).tenantId }}
|
|
- name: TENANTID
|
|
value: {{ .Values.sharepoint.tenantId | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).clientId }}
|
|
- name: CLIENTID
|
|
value: {{ .Values.sharepoint.clientId | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).clientCertPw }}
|
|
- name: CLIENTCERTPW
|
|
value: {{ .Values.sharepoint.clientCertPw | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.sharepoint).webUserPw }}
|
|
- name: WEBUSERPW
|
|
value: {{ .Values.sharepoint.webUserPw | quote }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
|
|
#
|
|
# nscale Connector Settings
|
|
#
|
|
{{- if (.Values.connector).sharePointCreatorPropertyName }}
|
|
- name: SHAREPOINTCREATORPROPERTYNAME
|
|
value: {{ .Values.connector.sharePointCreatorPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).sharePointCreatedPropertyName }}
|
|
- name: SHAREPOINTCREATEDPROPERTYNAME
|
|
value: {{ .Values.connector.sharePointCreatedPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).sharePointEditorPropertyName }}
|
|
- name: SHAREPOINTEDITORPROPERTYNAME
|
|
value: {{ .Values.connector.sharePointEditorPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).sharePointEditedPropertyName }}
|
|
- name: SHAREPOINTEDITEDPROPERTYNAME
|
|
value: {{ .Values.connector.sharePointEditedPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).sharePointChangeTokenPropertyName }}
|
|
- name: SHAREPOINTCHANGETOKENPROPERTYNAME
|
|
value: {{ .Values.connector.sharePointChangeTokenPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).idPropertyName }}
|
|
- name: IDPROPERTYNAME
|
|
value: {{ .Values.connector.idPropertyName | quote }}
|
|
{{- end }}
|
|
|
|
{{- if (.Values.connector).stubIdPropertyName }}
|
|
- name: STUBIDPROPERTYNAME
|
|
value: {{ .Values.connector.stubIdPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).stubListItemIdPropertyName }}
|
|
- name: STUBLISTITEMIDPROPERTYNAME
|
|
value: {{ .Values.connector.stubListItemIdPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).parentIdPropertyName }}
|
|
- name: PARENTIDPROPERTYNAME
|
|
value: {{ .Values.connector.parentIdPropertyName | quote }}
|
|
{{- end }}
|
|
|
|
{{- if (.Values.connector).cTagPropertyName }}
|
|
- name: CTAGPROPERTYNAME
|
|
value: {{ .Values.connector.cTagPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).eTagPropertyName }}
|
|
- name: ETAGPROPERTYNAME
|
|
value: {{ .Values.connector.eTagPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).webUrlPropertyName }}
|
|
- name: WEBURLPROPERTYNAME
|
|
value: {{ .Values.connector.webUrlPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).listItemIdPropertyName }}
|
|
- name: LISTITEMIDPROPERTYNAME
|
|
value: {{ .Values.connector.listItemIdPropertyName | quote }}
|
|
{{- end }}
|
|
|
|
{{- if (.Values.connector).nscaleRetentionPropertyName }}
|
|
- name: NSCALERETENTIONPROPERTYNAME
|
|
value: {{ .Values.connector.nscaleRetentionPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).nscaleExpirationPropertyName }}
|
|
- name: NSCALEEXPIRATIONPROPERTYNAME
|
|
value: {{ .Values.connector.nscaleExpirationPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).nscaleLegalHoldPropertyName }}
|
|
- name: NSCALELEGALHOLDPROPERTYNAME
|
|
value: {{ .Values.connector.nscaleLegalHoldPropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).nscaleLegalHidePropertyName }}
|
|
- name: NSCALELEGALHIDEPROPERTYNAME
|
|
value: {{ .Values.connector.nscaleLegalHidePropertyName | quote }}
|
|
{{- end }}
|
|
{{- if (.Values.connector).nscaleGdprRelevantPropertyName }}
|
|
- name: NSCALEGDPRRELEVANTPROPERTYNAME
|
|
value: {{ .Values.connector.nscaleGdprRelevantPropertyName | quote }}
|
|
{{- end }}
|
|
|
|
{{- include "nplus.environment" . | nindent 8 }}
|
|
|
|
|
|
ports:
|
|
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
|
|
# -- Setting the management port for the probes to use
|
|
- name: management
|
|
containerPort: {{ required "setting the management port is required for the probes" ($.this.management).port }}
|
|
protocol: TCP
|
|
|
|
{{- include "nplus.resources" . | nindent 8 }}
|
|
|
|
volumeMounts:
|
|
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
|
|
|
volumes:
|
|
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
|
|