{{/*
Resource requests and limits for the frontend container, taken from
.Values.main_app.requests and .Values.main_app.limits. The block is rendered
at column 0; the caller indents it to the container's key level.
*/}}
{{- define "limits.frontend" }}
resources:
  requests:
    {{- toYaml .Values.main_app.requests | nindent 4 }}
  limits:
    {{- toYaml .Values.main_app.limits | nindent 4 }}
{{ end -}}
{{/*
Cluster-local DNS name of the GMS service that the frontend connects to.
When .Values.mesh.enabled is set, the "-tls-service" variant of the service
name is returned; otherwise the plain service name is returned.
NOTE(review): the release-derived name is truncated to 63 characters before
"-tls-service" is appended, so a long release name can yield a first DNS label
longer than 63 characters. Confirm the Service object is named the same way.
*/}}
{{- define "wmf.gms-service.frontend" -}}
{{- $host := printf "datahub-gms-%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- if .Values.mesh.enabled -}}
{{- $host = printf "%s-tls-service" $host -}}
{{- end -}}
{{- printf "%s.%s.svc.cluster.local" $host .Release.Namespace -}}
{{- end -}}
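{{/*
Default scaffolding for the frontend container.

Renders one entry of a pod's "containers" list: image, optional command/args,
ports, optional probes, the environment, resources and optional volume mounts.

Environment sources:
  - .Values.config.public is rendered as plain-text env values.
  - .Values.config.private, DATAHUB_SECRET, ELASTIC_CLIENT_PASSWORD and
    DATAHUB_SYSTEM_CLIENT_SECRET are read through secretKeyRef from the
    "<release name>-secret-config" Secret, so their values never appear in the
    rendered pod spec.

Every value-derived scalar under command, args and env is passed through
"quote": Kubernetes requires these fields to be strings, and an unquoted
value that looks like a number or boolean, or that contains YAML indicators,
would otherwise be retyped or break the manifest.
*/}}
{{- define "default.containers.frontend" }}
# The main application container
- name: {{ template "base.name.release" . }}
  image: "{{ .Values.docker.registry }}/{{ .Values.main_app.image }}:{{ .Values.main_app.version }}"
  imagePullPolicy: {{ .Values.docker.pull_policy }}
  {{- if .Values.main_app.command }}
  command:
    {{- range .Values.main_app.command }}
    - {{ . | quote }}
    {{- end }}
  {{- end }}
  {{- if .Values.main_app.args }}
  args:
    {{- range .Values.main_app.args }}
    - {{ . | quote }}
    {{- end }}
  {{- end }}
  ports:
    - containerPort: {{ .Values.app.port }}
  {{- /* Debug ports are only declared when .Values.debug.enabled is set. */}}
  {{- if .Values.debug.enabled }}
  {{- range .Values.debug.ports }}
    - containerPort: {{ . }}
  {{- end }}{{ end }}
  {{- if .Values.main_app.liveness_probe }}
  livenessProbe:
  {{- toYaml .Values.main_app.liveness_probe | nindent 4 }}
  {{- end }}
  {{- if .Values.main_app.readiness_probe }}
  readinessProbe:
  {{- toYaml .Values.main_app.readiness_probe | nindent 4 }}
  {{- end }}
  env:
    - name: SERVICE_IDENTIFIER
      value: {{ template "base.name.release" . }}
    {{- /* config.public values are visible in the pod spec; credentials belong in config.private. */}}
    {{- range $k, $v := .Values.config.public }}
    - name: {{ $k | upper }}
      value: {{ $v | quote }}
    {{- end }}
    {{- /* config.private entries are only referenced by key; the values live in the Secret. */}}
    {{- range $k, $v := .Values.config.private }}
    - name: {{ $k | upper }}
      valueFrom:
        secretKeyRef:
          name: {{ template "base.name.release" $ }}-secret-config
          key: {{ $k }}
    {{- end }}
    {{- if .Values.global.datahub.monitoring.enablePrometheus }}
    - name: ENABLE_PROMETHEUS
      value: "true"
    {{- end }}
    - name: DATAHUB_GMS_HOST
      value: {{ template "wmf.gms-service.frontend" $ }}
    - name: DATAHUB_GMS_PORT
      value: "{{ required "GMS port must be specified" .Values.global.datahub.gms.port }}"
    - name: DATAHUB_SECRET
      valueFrom:
        secretKeyRef:
          name: {{ template "base.name.release" $ }}-secret-config
          key: datahub_encryption_key
    - name: DATAHUB_APP_VERSION
      value: "{{ .Chart.AppVersion }}"
    - name: DATAHUB_PLAY_MEM_BUFFER_SIZE
      value: "{{ required "Play memory buffer size must be specified" .Values.global.datahub.play.mem.buffer.size }}"
    - name: DATAHUB_ANALYTICS_ENABLED
      value: "{{ .Values.global.datahub_analytics_enabled }}"
    - name: KAFKA_BOOTSTRAP_SERVER
      value: "{{ required "Kafka bootstrap server must be specified" .Values.global.kafka.bootstrap.server }}"
    - name: ELASTIC_CLIENT_HOST
      value: "{{ required "Elasticsearch host must be specified" .Values.global.elasticsearch.host }}"
    - name: ELASTIC_CLIENT_PORT
      value: "{{ required "Elasticsearch port must be specified" .Values.global.elasticsearch.port }}"
    {{- with .Values.global.elasticsearch.useSSL }}
    - name: ELASTIC_CLIENT_USE_SSL
      value: {{ . | quote }}
    {{- end }}
    {{- with .Values.global.elasticsearch.auth }}
    - name: ELASTIC_CLIENT_USERNAME
      value: {{ .username | quote }}
    - name: ELASTIC_CLIENT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: {{ template "base.name.release" $ }}-secret-config
          key: elasticsearch_password
    {{- end }}
    {{- with .Values.global.elasticsearch.indexPrefix }}
    - name: INDEX_PREFIX
      value: {{ . | quote }}
    {{- end }}
    {{- if .Values.global.kafka.topics }}
    - name: DATAHUB_TRACKING_TOPIC
      value: {{ .Values.global.kafka.topics.datahub_usage_event_name | quote }}
    {{- else }}
    - name: DATAHUB_TRACKING_TOPIC
      value: "DataHubUsageEvent_v1"
    {{- end }}
    {{- if .Values.global.datahub.gms.useSSL }}
    - name: DATAHUB_GMS_USE_SSL
      value: "true"
    {{- end }}
    {{- if .Values.global.datahub.metadata_service_authentication.enabled }}
    - name: METADATA_SERVICE_AUTH_ENABLED
      value: "true"
    - name: DATAHUB_SYSTEM_CLIENT_ID
      value: {{ .Values.global.datahub.metadata_service_authentication.systemClientId | quote }}
    {{- /* NOTE(review): the system client secret is read from the key named token_service_signing_key; confirm that sharing one key for both purposes is intended. */}}
    - name: DATAHUB_SYSTEM_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: {{ template "base.name.release" $ }}-secret-config
          key: token_service_signing_key
    {{- end }}
    {{- if .Values.auth.oidc.enabled }}
    - name: AUTH_OIDC_ENABLED
      value: {{ .Values.auth.oidc.enabled | quote }}
    - name: AUTH_OIDC_CLIENT_ID
      value: {{ .Values.auth.oidc.client_id | quote }}
    - name: AUTH_OIDC_PRE_PROVISIONING_REQUIRED
      value: {{ .Values.auth.oidc.pre_provisioning_required | quote }}
    - name: AUTH_OIDC_DISCOVERY_URI
      value: {{ .Values.auth.oidc.discovery_uri | quote }}
    - name: AUTH_OIDC_BASE_URL
      value: {{ .Values.auth.oidc.base_url | quote }}
    {{- /* default runs before quote: quoting an empty string yields a non-empty pair of quote characters, which would defeat the fallback. */}}
    - name: AUTH_OIDC_SCOPE
      value: {{ .Values.auth.oidc.scope | default "openid profile email" | quote }}
    - name: AUTH_OIDC_USER_NAME_CLAIM
      value: {{ .Values.auth.oidc.user_name_claim | quote }}
    - name: AUTH_OIDC_JIT_PROVISIONING_ENABLED
      value: {{ .Values.auth.oidc.jit_provisioning_enabled | quote }}
    - name: AUTH_OIDC_EXTRACT_GROUPS_ENABLED
      value: {{ .Values.auth.oidc.extract_groups_enabled | quote }}
    - name: AUTH_OIDC_CLIENT_AUTHENTICATION_METHOD
      value: {{ .Values.auth.oidc.client_authentication_method | quote }}
    - name: AUTH_OIDC_PREFERRED_JWS_ALGORITHM
      value: {{ .Values.auth.oidc.preferred_jws_algorithm | quote }}
    {{- end }}
{{ include "limits.frontend" . | indent 2 }}
{{- if or (.Values.main_app.volumeMounts) (.Values.auth.ldap.enabled) }}
  volumeMounts:
  {{- with .Values.main_app.volumeMounts }}
{{ toYaml . | indent 4 }}
  {{- end }}
  {{- /* The JAAS configuration is mounted read-only as a single file when LDAP auth is enabled. */}}
  {{- with .Values.auth.ldap.enabled }}
    - name: {{ template "base.name.release" $ }}-jaas
      mountPath: /datahub-frontend/conf/jaas.conf
      subPath: jaas.conf
      readOnly: true
  {{- end }}
{{- end }}
{{- end }}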