tum
/
soc


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165
							apiVersion: v1
kind: Secret
metadata:
  name: iris-root-ca-cert-secret-app
  labels:
    app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/irisRootCACert.pem").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
  name: iris-ldap-certs-secret-app
  labels:
    app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/ldap/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
  name: iris-certs-dir-rootca-secrets-app
  labels:
    app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
  name: iris-certs-dir-webcerts-secrets-app
  labels:
    app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/web_certificates/*").AsSecrets | indent 2 }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.irisapp.name }}
spec:
  replicas: {{ .Values.irisapp.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Values.irisapp.app }}
  template:
    metadata:
      labels:
        app: {{ .Values.irisapp.app }}
    spec:
      securityContext:
        {{- toYaml .Values.irisapp.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Values.irisapp.name }}
          securityContext:
            {{- toYaml .Values.irisapp.securityContext | nindent 12 }}
          resources:
            {{- toYaml .Values.irisapp.resources | nindent 12 }}
          image: "{{ .Values.irisapp.image}}:{{ .Values.irisapp.tag }}"
          imagePullPolicy: "{{ .Values.irisapp.imagePullPolicy }}"
          command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']

          env:

          - name: POSTGRES_USER  # Setting Database username 
            value: {{ .Values.irisapp.POSTGRES_USER| quote }}

          - name:  POSTGRES_PASSWORDD # Setting Database password 
            value: {{ .Values.irisapp.POSTGRES_PASSWORD | quote }}

          - name:  POSTGRES_ADMIN_USER # Setting Database admin user 
            value: {{ .Values.irisapp.POSTGRES_ADMIN_USER | quote }}

          - name:  POSTGRES_ADMIN_PASSWORD # Setting Database admin password
            value: {{ .Values.irisapp.POSTGRES_ADMIN_PASSWORD | quote }}

          - name:  POSTGRES_PORT # Setting Database port
            value: {{ .Values.irisapp.POSTGRES_PORT | quote }}

          - name:  POSTGRES_SERVER # Setting Database server
            value: {{ .Values.irisapp.POSTGRES_SERVER | quote }}

          - name:  IRIS_SECRET_KEY 
            value: {{ .Values.irisapp.IRIS_SECRET_KEY | quote }}

          - name:  IRIS_SECURITY_PASSWORD_SALT 
            value: {{ .Values.irisapp.IRIS_SECURITY_PASSWORD_SALT | quote }}

          - name:  DB_RETRY_COUNT
            value: {{ .Values.irisapp.DB_RETRY_COUNT | quote }}

          - name:  DB_RETRY_DELAY
            value: {{ .Values.irisapp.DB_RETRY_DELAY | quote }}

          - name:  INTERFACE_HTTPS_PORT
            value: {{ .Values.irisapp.INTERFACE_HTTPS_PORT | quote }}

          - name:  IRIS_ADM_USERNAME
            value: {{ .Values.irisapp.IRIS_ADM_USERNAME | quote }}

          - name:  IRIS_ADM_PASSWORD
            value: {{ .Values.irisapp.IRIS_ADM_PASSWORD | quote }}

          ports:
            - containerPort: 8000

          volumeMounts:
            - mountPath: /home/iris/downloads
              name: iris-downloads  
            - mountPath: /home/iris/user_templates
              name: user-templates
            - mountPath: /home/iris/server_data
              name: server-data
            - mountPath: /etc/irisRootCACert.pem
              name: iris-root-ca-cert
              subPath: irisRootCACert.pem
              readOnly: true
            - mountPath: /home/iris/certificates/rootCA
              name: iris-certs-dir-rootca
              readOnly: true
            - mountPath: /home/iris/certificates/web_certificates
              name: iris-certs-dir-webcerts
              readOnly: true
            - mountPath: /iriswebapp/certificates/ldap/
              name: iris-ldap-certs
              readOnly: true
      volumes:
        - name: iris-downloads
          emptyDir: {}
        - name: user-templates
          emptyDir: {}
        - name: server-data
          emptyDir: {}
        - name: iris-root-ca-cert
          secret:
            secretName: iris-root-ca-cert-secret-app
        - name: iris-ldap-certs
          secret:
            secretName: iris-ldap-certs-secret-app
        - name: iris-certs-dir-rootca
          secret:
            secretName: iris-certs-dir-rootca-secrets-app
        - name: iris-certs-dir-webcerts
          secret:
            secretName: iris-certs-dir-webcerts-secrets-app
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.irisapp.name }}
  labels:
    app: {{ .Values.irisapp.app }}
spec:
  type: {{ .Values.irisapp.type }}
  ports:
   - port: {{ .Values.irisapp.service.port }}
     targetPort: {{ .Values.irisapp.service.targetPort }}
  selector:
   app: {{ .Values.irisapp.app }}
---