-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdeployment.yml
167 lines (163 loc) · 4.88 KB
/
deployment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jira
annotations:
environment: {{ .ENV }}
{{ if eq .ENV "notprod" }}downscaler/uptime: Mon-Fri 07:00-18:30 Europe/London{{ end }}
spec:
replicas: 0
selector:
matchLabels:
name: jira
revisionHistoryLimit: 3
template:
metadata:
labels:
name: jira
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: jira
image: quay.io/ukhomeofficedigital/jira-docker:{{ .DRONE_COMMIT_SHA }}
imagePullPolicy: Always
securityContext:
runAsNonRoot: true
resources:
limits:
cpu: 2
memory: 3.2Gi
requests:
cpu: 1.5
memory: 2Gi
env:
- name: SERVER_PORT
value: '8080'
- name: SERVER_PROXY_NAME
value: {{ .HOSTNAME }}
- name: SERVER_PROXY_PORT
value: '443'
- name: SERVER_REDIRECT_PORT
value: '10443'
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: endpoint
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: database_name
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: password
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: port
- name: DATABASE_SCHEMA_NAME
value: {{ .DATABASE_SCHEMA_NAME }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: username
volumeMounts:
- mountPath: /var/atlassian/jira
name: jira
- name: proxy
image: quay.io/ukhomeofficedigital/dq-nginx-proxy-redirect:b87
securityContext:
runAsNonRoot: true
env:
- name: PROXY_SERVICE_HOST
value: 'http://127.0.0.1'
- name: PROXY_SERVICE_PORT
value: '8080'
- name: LOG_FORMAT_NAME
value: 'json'
- name: NAXSI_USE_DEFAULT_RULES
value: 'FALSE'
- name: CLIENT_MAX_BODY_SIZE
value: '10'
ports:
- name: https
containerPort: 10443
- name: s3-backup
image: quay.io/ukhomeofficedigital/dq-jira-s3-backup:{{ .DRONE_COMMIT_SHA }}
imagePullPolicy: Always
securityContext:
runAsNonRoot: true
env:
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: endpoint
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: database_name
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: password
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: port
- name: DATABASE_SCHEMA_NAME
value: {{ .DATABASE_SCHEMA_NAME }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .DATABASE_SECRET_NAME }}
key: username
- name: BUCKET_NAME
valueFrom:
secretKeyRef:
name: {{ .AWS_BUCKET_SECRET_NAME }}
key: bucket_name
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .AWS_BUCKET_SECRET_NAME }}
key: access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .AWS_BUCKET_SECRET_NAME }}
key: secret_access_key
- name: SLACK_WEBHOOK
valueFrom:
secretKeyRef:
name: {{ .AWS_BUCKET_SECRET_NAME }}
key: slack_webhook
volumeMounts:
- mountPath: /var/atlassian/jira
name: jira
- name: access-log
image: quay.io/ukhomeofficedigital/dq-logger:{{ .DRONE_COMMIT_SHA }}
imagePullPolicy: Always
securityContext:
runAsNonRoot: true
env:
- name: ACCESS_LOG_PATH
value: '/var/atlassian/jira/log/atlassian-jira-http-access.log'
volumeMounts:
- mountPath: /var/atlassian/jira
name: jira
volumes:
- name: jira
persistentVolumeClaim:
claimName: jira