cecf
/
deploy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196
							{{- if .Values.extensions.cache.enabled }}
apiVersion: "apps/v1"
kind: "StatefulSet"
metadata:
  labels:
    app: {{ .Release.Name }}-extensions-cache
    version: "{{ .Chart.Version }}"
    group:  stackgres.io
  name: {{ .Release.Name }}-extensions-cache
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}-extensions-cache
      group:  stackgres.io
  serviceName: {{ .Release.Name }}-extensions-cache
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-extensions-cache
        group:  stackgres.io
    spec:
      securityContext:
        {{- if or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser }}
        fsGroup: 1000
        {{- end }}
      serviceAccountName: {{ .Release.Name }}-extensions-cache
      shareProcessNamespace: true
      terminationGracePeriodSeconds: 0
      restartPolicy: Always
      containers:
      - name: http
        image: "registry.access.redhat.com/ubi8/nginx-120:1-92.1679484498"
        imagePullPolicy: {{ .Values.imagePullPolicy }}
        securityContext:
          {{- if and (or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser) (not .Values.extensions.cache.hostPath) }}
          runAsNonRoot: true
          runAsUser: 998
          runAsGroup: 1000
          {{- end }}
          {{- if .Values.extensions.cache.hostPath }}
          runAsUser: 0
          {{- end }}
        args:
          - '/bin/sh'
          - '-ec'
          {{- if .Values.developer.showDebug }}
          - '-x'
          {{- end }}
          - |
            mkdir -p /var/lib/nginx/tmp
            exec nginx -g 'daemon off;'
        ports:
        - containerPort: 8080
          name: "http"
          protocol: "TCP"
        readinessProbe:
          tcpSocket:
            port: 8080
        volumeMounts:
          - name: extensions-cache-config
            mountPath: /etc/nginx/nginx.conf
            subPath: nginx.conf
            readOnly: true
          - name: extensions-cache-config
            mountPath: /etc/nginx/conf.d/stackgres-operator-extensions-cache.conf
            subPath: stackgres-operator-extensions-cache.conf
            readOnly: true
          - name: extensions-cache-nginx-var
            subPath: var/cache/nginx
            mountPath: /var/cache/nginx
            readOnly: false
          - name: extensions-cache-nginx-var
            subPath: var/run
            mountPath: /var/run
            readOnly: false
          - name: extensions-cache-nginx-var
            subPath: var/lib/nginx
            mountPath: /var/lib/nginx
            readOnly: false
          - name: extensions-cache-nginx-var
            subPath: var/log/nginx
            mountPath: /var/log/nginx
            readOnly: false
          - name: {{ .Release.Name }}-extensions-cache
            subPath: repository
            mountPath: /opt/app-root/src
            readOnly: true
      - name: "controller"
        image: {{ template "kubectl-image" . }}
        imagePullPolicy: {{ .Values.imagePullPolicy }}
        securityContext:
          {{- if and (or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser) (not .Values.extensions.cache.hostPath) }}
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          {{- end }}
          {{- if .Values.extensions.cache.hostPath }}
          runAsUser: 0
          {{- end }}
        env:
          - name: HOME
            value: /tmp
          - name: EXTENSIONS_REPOSITORY_URLS
            value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element }}{{ end }}"
          - name: OPERATOR_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          {{- if .Values.developer.logLevel }}
          - name: EXTENSIONS_CACHE_LOG_LEVEL
            value: "{{ .Values.developer.logLevel }}"
          {{- end }}
          {{- range .Values.developer.extraOpts }}
            {{- if . | hasPrefix "-Dquarkus.log.category.\"stackgres-extensions-cache\".level=" }}
          - name: EXTENSIONS_CACHE_LOG_LEVEL
            value: "{{ . | trimPrefix "-Dquarkus.log.category.\"stackgres-extensions-cache\".level=" }}"
            {{- end }}
          {{- end }}
          {{- if .Values.extensions.cache.preloadedExtensions }}
          - name: EXTENSIONS_CACHE_PRELOADED_EXTENSIONS
            value: {{ .Values.extensions.cache.preloadedExtensions | toJson | squote }}
          {{- end }}
          - name: ALLOWED_NAMESPACES
            {{- $allowedNamespaces := regexSplit " " (include "allowedNamespaces" .) -1 }}
            value: "{{ if not ($allowedNamespaces | has "_all_namespaces_placeholder") }}{{ range $index, $namespace := $allowedNamespaces }}{{ if $index }},{{ end }}{{ $namespace }}{{ end }}{{ end }}"
        command:
          - "/bin/bash"
          - "-ec"
          - |
            echo "$EXTENSIONS_CACHE_LOG_LEVEL" | grep -v -q '^\(DEBUG\|TRACE\)$' || set -x
            cd /opt/app-root/src
            sh /usr/local/bin/extensions-cache-conciliator.sh run "$OPERATOR_NAMESPACE" '{{ .Release.Name }}-extensions-cache'
        readinessProbe:
          exec:
            command:
            - test
            - -f
            - /tmp/extensions-cache-ready
        volumeMounts:
          - name: extensions-cache-config
            mountPath: /usr/local/bin/extensions-cache-conciliator.sh
            subPath: extensions-cache-conciliator.sh
            readOnly: true
          - name: {{ .Release.Name }}-extensions-cache
            subPath: repository
            mountPath: /opt/app-root/src
            readOnly: false
          - name: extensions-cache-nginx-var
            subPath: var/log/nginx
            mountPath: /var/log/nginx
            readOnly: true
      volumes:
        {{- if .Values.extensions.cache.hostPath }}
        - name: {{ .Release.Name }}-extensions-cache
          hostPath:
            path: "{{ .Values.extensions.cache.hostPath }}"
            type: DirectoryOrCreate
        {{- end }}
        - name: extensions-cache-config
          configMap:
            name: {{ .Release.Name }}-extensions-cache
            optional: false
            items:
              - key: nginx.conf
                path: nginx.conf
              - key: stackgres-operator-extensions-cache.conf
                path: stackgres-operator-extensions-cache.conf
              - key: extensions-cache-conciliator.sh
                path: extensions-cache-conciliator.sh
        - name: extensions-cache-nginx-var
          emptyDir: {}
  {{- if not .Values.extensions.cache.hostPath }}
  volumeClaimTemplates:
  - metadata:
      labels:
        app: {{ .Release.Name }}-extensions-cache
        version: "{{ .Chart.Version }}"
        group:  stackgres.io
      name: {{ .Release.Name }}-extensions-cache
    spec:
      accessModes: [ "ReadWriteOnce" ]
      {{- if .Values.extensions.cache.persistentVolume.storageClass }}
      {{- if eq "-" .Values.extensions.cache.persistentVolume.storageClass }}
      storageClassName: ""
      {{- else }}
      storageClassName: "{{ .Values.extensions.cache.persistentVolume.storageClass }}"
      {{- end }}
      {{- end }}
      resources:
        requests:
          storage: "{{ .Values.extensions.cache.persistentVolume.size }}"
  {{- end }}
{{- end }}