charts/bitnami/ejbca/templates/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.names.fullname" . }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels: {{- include "common.labels.standard" . | nindent 8 }}
        {{- if .Values.podLabels }}
        {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
        {{- end }}
      annotations:
        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
      {{- if .Values.podAnnotations }}
        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
      {{- end }}
    spec:
      {{- include "ejbca.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext:
        fsGroup: {{ .Values.podSecurityContext.fsGroup }}
      {{- end }}
      {{- if .Values.initContainers }}
      initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
      {{- end }}
      containers:
        - name: ejbca
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext:
            runAsUser: {{ .Values.containerSecurityContext.runAsUser }}
          {{- end }}
          image: {{ template "ejbca.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
            - name: EJBCA_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "ejbca.secretName" . }}
                  key: ejbca-admin-password
            - name: EJBCA_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "ejbca.databaseSecretName" . }}
                  key: mariadb-password
            {{- if .Values.ejbcaKeystoreExistingSecret }}
            - name: EJBCA_SERVER_CERT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.ejbcaKeystoreExistingSecret }}
                  key: keystore-password
            {{- end }}
            - name: EJBCA_ADMIN_USERNAME
              value: {{ .Values.ejbcaAdminUsername | quote }}
            - name: EJBCA_DATABASE_HOST
              value: {{ include "ejbca.databaseHost" . | quote }}
            - name: EJBCA_DATABASE_PORT
              value: {{ include "ejbca.databasePort" . | quote }}
            - name: EJBCA_DATABASE_NAME
              value: {{ include "ejbca.databaseName" . | quote }}
            - name: EJBCA_DATABASE_USERNAME
              value: {{ include "ejbca.databaseUsername" . | quote }}
            - name: EJBCA_HTTP_PORT_NUMBER
              value: {{ .Values.containerPorts.http | quote }}
            - name: EJBCA_HTTPS_PORT_NUMBER
              value: {{ .Values.service.httpsPort | quote }}
            - name: EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
              value: {{ .Values.service.advertisedHttpsPort | quote }}
            {{- if .Values.ejbcaKeystoreExistingSecret }}
            - name: EJBCA_SERVER_CERT_FILE
              value: /opt/bitnami/ejbca/mounted-jks/keystore.jks
            {{- end }}
            {{- if .Values.ejbcaJavaOpts }}
            - name: JAVA_OPTS
              value: {{ .Values.ejbcaJavaOpts | quote }}
            {{- end }}
            {{- if .Values.ejbcaCA }}
            {{- if .Values.ejbcaCA.name }}
            - name: EJBCA_CA_NAME
              value: {{ .Values.ejbcaCA.name | quote }}
            {{- end }}
            {{- if .Values.ejbcaCA.baseDN }}
            - name: EJBCA_BASE_DN
              value: {{ .Values.ejbcaCA.baseDN | quote }}
            {{- end }}
            {{- end }}
            {{- if .Values.extraEnv }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
            {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.containerPorts.http }}
            - name: https
              containerPort: {{ .Values.containerPorts.https }}
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe:
            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
            httpGet:
              path: /ejbca
              port: http
          {{- else if .Values.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
            httpGet:
              path: /ejbca
              port: http
          {{- else if .Values.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- end }}
          volumeMounts:
            - name: ejbca-data
              mountPath: /bitnami/ejbca
              subPath: ejbca
            {{- if .Values.ejbcaKeystoreExistingSecret }}
            - name: ejbca-keystore
              mountPath: /opt/bitnami/ejbca/mounted-jks/keystore.jks
              subPath: "keystore.jks"
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
        {{- if .Values.sidecars }}
        {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
          {{- if .Values.ejbcaKeystoreExistingSecret }}
        - name: ejbca-keystore
          secret:
            secretName: {{ .Values.ejbcaKeystoreExistingSecret }}
            items:
            - key: "keystore.jks"
              path: "keystore.jks"
          {{- end }}
        - name: ejbca-data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }}
          {{- else }}
          emptyDir: {}
          {{ end }}
        {{- if .Values.extraVolumes }}
        {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
        {{- end }}