-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdeployment.yml
152 lines (152 loc) · 4.95 KB
/
deployment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
apiVersion: apps/v1
kind: Deployment
metadata:
name: find-moj-data-deployment
labels:
app: find-moj-data
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 100%
maxUnavailable: 50%
selector:
matchLabels:
app: find-moj-data
template:
metadata:
labels:
app: find-moj-data
spec:
containers:
- name: find-moj-data
image: ${IMAGE_PATH}
resources:
requests:
cpu: 20m
memory: 300Mi
limits:
cpu: 1000m
memory: 1000Mi
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: ENV
value: "${ENV}"
- name: CATALOGUE_URL
value: "${CATALOGUE_URL}"
- name: DEBUG
value: "0"
- name: DATAHUB_TELEMETRY_ENABLED
value: "0"
- name: GIT_REF
value: "${GIT_REF}"
- name: DJANGO_ALLOWED_HOSTS
value: "${DJANGO_ALLOWED_HOSTS}"
- name: DJANGO_LOG_LEVEL
value: "${DJANGO_LOG_LEVEL}"
- name: SENTRY_DSN_WORKAROUND
value: "${SENTRY_DSN_WORKAROUND}"
- name: ENABLE_ANALYTICS
value: "${ENABLE_ANALYTICS}"
- name: ANALYTICS_ID
value: "${ANALYTICS_ID}"
- name: AZURE_AUTH_ENABLED
value: "${AZURE_AUTH_ENABLED}"
- name: AZURE_CLIENT_ID
value: "$AZURE_CLIENT_ID"
- name: AZURE_REDIRECT_URI
value: "$AZURE_REDIRECT_URI"
- name: AZURE_AUTHORITY
value: "$AZURE_AUTHORITY"
- name: CSRF_TRUSTED_ORIGINS
value: "${CSRF_TRUSTED_ORIGINS}"
- name: ENABLE_TRACING
value: "${ENABLE_TRACING}"
- name: TRACES_SAMPLE_RATE
value: "${TRACES_SAMPLE_RATE}"
- name: PROFILES_SAMPLE_RATE
value: "${PROFILES_SAMPLE_RATE}"
- name: NOTIFY_ENABLED
value: "${NOTIFY_ENABLED}"
- name: NOTIFY_API_KEY
value: "${NOTIFY_API_KEY}"
- name: NOTIFY_DATA_OWNER_TEMPLATE_ID
value: "${NOTIFY_DATA_OWNER_TEMPLATE_ID}"
- name: NOTIFY_SENDER_TEMPLATE_ID
value: "${NOTIFY_SENDER_TEMPLATE_ID}"
- name: NOTIFY_DATA_CATALOGUE_TEMPLATE_ID
value: "${NOTIFY_DATA_CATALOGUE_TEMPLATE_ID}"
- name: DATA_CATALOGUE_EMAIL
value: "${DATA_CATALOGUE_EMAIL}"
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: find-moj-data-secrets
key: secret-key
- name: CATALOGUE_TOKEN
valueFrom:
secretKeyRef:
name: find-moj-data-secrets
key: catalogue-token
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: find-moj-data-secrets
key: azure-client-secret
- name: RDS_INSTANCE_ENDPOINT
valueFrom:
secretKeyRef:
name: rds-postgresql-instance-output
key: rds_instance_endpoint
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: rds-postgresql-instance-output
key: database_name
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: rds-postgresql-instance-output
key: database_username
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: rds-postgresql-instance-output
key: database_password
- name: RDS_INSTANCE_ADDRESS
valueFrom:
secretKeyRef:
name: rds-postgresql-instance-output
key: rds_instance_address
- name: REDIS_PRIMARY_ENDPOINT_ADDRESS
valueFrom:
secretKeyRef:
name: fmd-redis-secrets
key: primary_endpoint_address
- name: REDIS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: fmd-redis-secrets
key: auth_token
- name: REDIS_MEMBER_CLUSTERS
valueFrom:
secretKeyRef:
name: fmd-redis-secrets
key: member_clusters
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
volumeMounts:
- mountPath: /tmp
name: tmp
volumes:
- name: tmp
emptyDir: {}