# OpenShift Template for a PostgreSQL server with persistent storage.
# ${PARAM} references are filled in from the `parameters` list when the
# template is processed.
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: "${NAME}${SUFFIX}"
  annotations:
    description: Deployment template for a postgresql server with persistent storage.
    tags: "${NAME}${SUFFIX}"
# Objects created by the template; list entries are written flush with this key.
objects:
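# NetworkPolicy: admits TCP 5432 to the wallet pods (selected by role/app/env)
# from agent pods only.
- kind: NetworkPolicy
  apiVersion: networking.k8s.io/v1
  metadata:
    name: "${NAME}${SUFFIX}"
    labels:
      name: "${NAME}${SUFFIX}"
      app: "${APP_NAME}${SUFFIX}"
      env: "${TAG_NAME}"
      backup: "${BACKUP}"
    annotations:
      # NetworkPolicySpec has no `description` field, so the text is kept as an
      # annotation, where strict field validation does not reject it.
      description: Allow the agent(s) to access the wallet.
  spec:
    # Pods this policy protects.
    podSelector:
      matchLabels:
        role: "${ROLE}"
        app: "${APP_NAME}${SUFFIX}"
        env: "${TAG_NAME}"
    # Stated explicitly; Ingress is also what applies when the field is omitted.
    policyTypes:
    - Ingress
    ingress:
    - from:
      # podSelector and namespaceSelector share ONE `from` entry, so a peer must
      # satisfy both: an agent pod AND a namespace carrying these labels.
      # If the namespace lacks the labels, no peer matches.
      - podSelector:
          matchLabels:
            role: "${AGENT_ROLE}"
            app: "${APP_NAME}${SUFFIX}"
            env: "${TAG_NAME}"
        namespaceSelector:
          matchLabels:
            name: "${NAMESPACE_NAME}"
            environment: "${TAG_NAME}"
      ports:
      - protocol: TCP
        port: 5432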
# DeploymentConfig: one PostgreSQL pod whose data directory is the persistent
# volume claim named ${NAME}${SUFFIX}.
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: "${NAME}${SUFFIX}"
    generation: 1
    labels:
      app: "${APP_NAME}${SUFFIX}"
      app.kubernetes.io/part-of: "${APP_NAME}${SUFFIX}"
      name: "${NAME}${SUFFIX}"
      app-group: "${APP_GROUP}"
      role: "${ROLE}"
      env: "${TAG_NAME}"
      template: "${NAME}${SUFFIX}"
      backup: "${BACKUP}"
  spec:
    replicas: 1
    test: false
    selector:
      name: "${NAME}${SUFFIX}"
    strategy:
      # Recreate: the running pod is stopped before its replacement starts.
      type: Recreate
      recreateParams:
        timeoutSeconds: 600
      resources: {}
      activeDeadlineSeconds: 21600
    triggers:
    # Redeploy when the tracked image stream tag changes ...
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - "${NAME}${SUFFIX}"
        from:
          kind: ImageStreamTag
          namespace: "${IMAGE_NAMESPACE}"
          name: "${SOURCE_IMAGE_NAME}:${TAG_PREFIX}${TAG_NAME}"
    # ... or when this configuration changes.
    - type: ConfigChange
    template:
      metadata:
        # role/app/env and name are the labels the NetworkPolicy and Service
        # in this template select on.
        labels:
          app: "${APP_NAME}${SUFFIX}"
          app.kubernetes.io/part-of: "${APP_NAME}${SUFFIX}"
          name: "${NAME}${SUFFIX}"
          app-group: "${APP_GROUP}"
          role: "${ROLE}"
          env: "${TAG_NAME}"
          backup: "${BACKUP}"
      spec:
        volumes:
        - name: "${NAME}${SUFFIX}-data"
          persistentVolumeClaim:
            claimName: "${NAME}${SUFFIX}"
        containers:
        - name: "${NAME}${SUFFIX}"
          # Placeholder; presumably filled in by the ImageChange trigger above.
          image: ' '
          imagePullPolicy: IfNotPresent
          ports:
          - containerPort: 5432
            protocol: TCP
          env:
          # Credentials are read from the Secret, never written inline here.
          - name: POSTGRESQL_USER
            valueFrom:
              secretKeyRef:
                name: "${NAME}${SUFFIX}"
                key: database-user
          - name: POSTGRESQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "${NAME}${SUFFIX}"
                key: database-password
          - name: POSTGRESQL_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "${NAME}${SUFFIX}"
                key: admin-password
          - name: POSTGRESQL_DATABASE
            value: "${POSTGRESQL_DATABASE_NAME}"
          resources:
            requests:
              cpu: "${CPU_REQUEST}"
              memory: "${MEMORY_REQUEST}"
            limits:
              cpu: "${CPU_LIMIT}"
              memory: "${MEMORY_LIMIT}"
          volumeMounts:
          - name: "${NAME}${SUFFIX}-data"
            mountPath: "${MOUNT_PATH}"
          # Liveness: the container is restarted if port 5432 stops accepting
          # TCP connections.
          livenessProbe:
            tcpSocket:
              port: 5432
            initialDelaySeconds: 30
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          # Readiness: the application user must be able to run a query over
          # the loopback address.
          readinessProbe:
            exec:
              command:
              - /bin/sh
              - '-i'
              - '-c'
              - >-
                psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE
                -c 'SELECT 1'
            initialDelaySeconds: 5
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # NOTE(review): only `privileged: false` is set. Neither
          # allowPrivilegeEscalation nor a capabilities drop list is declared,
          # so hardening depends on the SCC assigned at admission - confirm.
          securityContext:
            capabilities: {}
            privileged: false
        restartPolicy: Always
        terminationGracePeriodSeconds: 30
        dnsPolicy: ClusterFirst
        # Pod-level security context left empty (no runAsNonRoot / fsGroup here).
        securityContext: {}
        schedulerName: default-scheduler
# PersistentVolumeClaim: storage for the database, mounted by the
# DeploymentConfig under the same ${NAME}${SUFFIX} claim name.
- kind: PersistentVolumeClaim
  apiVersion: v1
  metadata:
    name: "${NAME}${SUFFIX}"
    labels:
      app: "${APP_NAME}${SUFFIX}"
      app.kubernetes.io/part-of: "${APP_NAME}${SUFFIX}"
      name: "${NAME}${SUFFIX}"
      app-group: "${APP_GROUP}"
      role: "${ROLE}"
      env: "${TAG_NAME}"
      template: "${NAME}${SUFFIX}"
      backup: "${BACKUP}"
  spec:
    storageClassName: "${PERSISTENT_VOLUME_CLASS}"
    # ReadWriteOnce: the volume is mounted read-write by a single node.
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: "${PERSISTENT_VOLUME_SIZE}"
# Secret: database credentials consumed by the DeploymentConfig through
# secretKeyRef (keys database-user, database-password, admin-password).
- kind: Secret
  apiVersion: v1
  type: Opaque
  metadata:
    name: "${NAME}${SUFFIX}"
    labels:
      app: "${APP_NAME}${SUFFIX}"
      app.kubernetes.io/part-of: "${APP_NAME}${SUFFIX}"
      name: "${NAME}${SUFFIX}"
      app-group: "${APP_GROUP}"
      role: "${ROLE}"
      env: "${TAG_NAME}"
      backup: "${BACKUP}"
  # stringData takes plain-text values; the API server does the base64 encoding.
  # The processed template therefore carries these credentials in clear text,
  # so keep its output out of logs and version control.
  # NOTE(review): the three parameters use `generate: expression`; processing
  # the template again without supplying them yields new values - confirm a
  # re-apply cannot replace credentials an existing database still expects.
  stringData:
    database-user: "${POSTGRESQL_USER}"
    database-password: "${POSTGRESQL_PASSWORD}"
    admin-password: "${POSTGRESQL_ADMIN_PASSWORD}"
# Service: cluster-internal endpoint for PostgreSQL on TCP 5432.
- kind: Service
  apiVersion: v1
  metadata:
    name: "${NAME}${SUFFIX}"
    annotations:
      # JSONPath-style expression naming the clusterIP and the port entry
      # called ${NAME}${SUFFIX}.
      template.openshift.io/expose-uri: 'postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="${NAME}${SUFFIX}")].port}'
    labels:
      app: "${APP_NAME}${SUFFIX}"
      app.kubernetes.io/part-of: "${APP_NAME}${SUFFIX}"
      name: "${NAME}${SUFFIX}"
      app-group: "${APP_GROUP}"
      role: "${ROLE}"
      env: "${TAG_NAME}"
      template: "${NAME}${SUFFIX}"
      backup: "${BACKUP}"
  spec:
    # ClusterIP: no NodePort or LoadBalancer exposure is requested here.
    type: ClusterIP
    sessionAffinity: None
    # Matches the `name` label on the pod template of the DeploymentConfig.
    selector:
      name: "${NAME}${SUFFIX}"
    ports:
    - name: "${NAME}${SUFFIX}"
      protocol: TCP
      port: 5432
      targetPort: 5432
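# Template parameters: naming, labelling and image selection.
# List entries are written flush with the `parameters` key.
parameters:
- name: NAME
  displayName: Name
  description: >-
    The name assigned to all of the OpenShift resources associated to
    the server instance.
  required: true
  value: wallet
- name: APP_NAME
  displayName: App Name
  description: Used to group components together in the OpenShift console.
  required: true
  value: issuer
- name: APP_GROUP
  displayName: App Group
  description: The name assigned to all of the deployments in this project.
  required: true
  value: issuer
- name: SUFFIX
  displayName: Suffix
  description: A suffix applied to all of the objects in this template.
  required: false
  value: ''
# ROLE and AGENT_ROLE feed the NetworkPolicy pod selectors: ROLE marks the
# protected wallet pods, AGENT_ROLE the pods allowed to connect.
- name: ROLE
  displayName: Role
  description: >-
    The role of this service within the application - used for Network
    Policies
  required: true
  value: wallet
- name: AGENT_ROLE
  displayName: Agent Role
  description: >-
    The role of the agent service within the application - used for Network
    Policies
  required: true
  value: agent
# Applied as the `backup` label; quoted so the value stays the string "true".
- name: BACKUP
  displayName: Backup Target
  description: allow the backup container access to this pod
  required: true
  value: "true"
- name: IMAGE_NAMESPACE
  displayName: Image Namespace
  description: >-
    The namespace of the OpenShift project containing the imagestream
    for the application.
  required: true
  value: e79518-tools
# Used as the `name` label in the NetworkPolicy namespaceSelector.
- name: NAMESPACE_NAME
  displayName: Namespace Name
  description: The base namespace name for the project.
  required: true
  value: 'e79518'
- name: SOURCE_IMAGE_NAME
  displayName: Source Image Name
  description: The name of the image to use for this resource.
  required: true
  value: wallet
- name: TAG_PREFIX
  displayName: Environment TAG prefix
  description: The prefix for the TAG name for this environment.
  required: false
  # Explicit empty string; a bare `value:` parses as null.
  value: ''
# Also used as the `env` label and as the namespace `environment` label that
# the NetworkPolicy matches on.
- name: TAG_NAME
  displayName: Environment TAG name
  description: The TAG name for this environment, e.g., dev, test, prod
  required: true
  value: latest
- name: POSTGRESQL_DATABASE_NAME
  displayName: PostgreSQL Database Name
  description: The name of the PostgreSQL database.
  required: true
  value: identity_kit_wallet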
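# Credential parameters. They are written to the Secret through `stringData`,
# which takes plain text, so the descriptions no longer ask for base64 input
# (a base64-encoded value would be stored, and used, as that literal text).
# NOTE(review): the `from` patterns contain `_` and punctuation, and `)-=`
# reads as a character range. Confirm the template expression generator accepts
# these classes and emits a random value rather than passing the pattern
# through unchanged.
- name: POSTGRESQL_USER
  displayName: PostgreSQL Connection Username
  description: >-
    Username for PostgreSQL user that will be used for accessing the
    database. Supply as plain text; it is stored through stringData and must
    not be base64 encoded.
  required: true
  generate: expression
  from: '[a-zA-Z_][a-zA-Z0-9_]{10}'
- name: POSTGRESQL_PASSWORD
  displayName: PostgreSQL Connection Password
  description: >-
    Password for the PostgreSQL connection user. Supply as plain text; it is
    stored through stringData and must not be base64 encoded.
  required: true
  generate: expression
  from: '[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}'
- name: POSTGRESQL_ADMIN_PASSWORD
  displayName: PostgreSQL Admin Password
  description: >-
    Password for the 'postgres' PostgreSQL administrative account. Supply as
    plain text; it is stored through stringData and must not be base64
    encoded.
  required: true
  generate: expression
  from: '[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}'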
# Storage and resource parameters. Quantities are quoted so they stay strings.
- name: MOUNT_PATH
  displayName: Mount Path
  description: The path to mount the persistent volume.
  value: /var/lib/pgsql/data
  required: true
- name: PERSISTENT_VOLUME_SIZE
  displayName: Persistent Volume Size
  description: 'The size of the persistent volume , e.g. 512Mi, 1Gi, 2Gi.'
  value: '1Gi'
  required: true
- name: PERSISTENT_VOLUME_CLASS
  displayName: Persistent Volume Class name
  description: >-
    The class of the volume; gluster-file, gluster-block, gluster-file-db,
    netapp-file-standard
  value: netapp-file-standard
  required: false
# CPU and memory requests/limits applied to the PostgreSQL container.
- name: CPU_REQUEST
  displayName: Resources CPU Request
  description: The resources CPU request (in cores) for this build.
  value: '10m'
  required: true
- name: CPU_LIMIT
  displayName: Resources CPU Limit
  description: The resources CPU limit (in cores) for this build.
  value: '750m'
  required: true
- name: MEMORY_REQUEST
  displayName: Resources Memory Request
  description: 'The resources Memory request (in Mi, Gi, etc) for this build.'
  value: '10Mi'
  required: true
- name: MEMORY_LIMIT
  displayName: Resources Memory Limit
  description: 'The resources Memory limit (in Mi, Gi, etc) for this build.'
  value: '256Mi'
  required: true