rancher-partner-charts/charts/kubecost/cost-analyzer/2.3.2/templates/aggregator-statefulset.yaml

{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- if eq (include "aggregator.deployMethod" .) "statefulset" }}

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "aggregator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aggregator.commonLabels" . | nindent 4 }}
    {{- with .Values.global.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  replicas: {{ .Values.kubecostAggregator.replicas }}
  serviceName: {{ template "aggregator.serviceName" . }}
  selector:
    matchLabels:
    {{- include "aggregator.selectorLabels" . | nindent 6 }}
  volumeClaimTemplates:
  - metadata:
      name: aggregator-db-storage
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: {{ .Values.kubecostAggregator.aggregatorDbStorage.storageClass }}
      resources:
        requests:
          storage:  {{ .Values.kubecostAggregator.aggregatorDbStorage.storageRequest }}
  - metadata:
      # In the StatefulSet config, Aggregator should not share any filesystem
      # state with the cost-model to maintain independence and improve
      # stability (in the event of bad file-locking state). Still, there is
      # a need to "mount" ConfigMap files (using the watcher) to a file system;
      # that's what this per-replica Volume is used for.
      name: persistent-configs
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageClass }}
      resources:
        requests:
          storage: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageRequest }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: aggregator
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{/* Force pod restarts on upgrades to ensure the nginx config is current */}}
        {{- if not .Values.global.platforms.cicd.enabled }}
        helm-rollout-restarter: {{ randAlphaNum 5 | quote }}
        {{- end }}
        app: aggregator
        {{- with .Values.global.additionalLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.global.podAnnotations}}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      restartPolicy: Always
    {{- if .Values.kubecostAggregator.securityContext }}
      securityContext:
    {{- toYaml .Values.kubecostAggregator.securityContext | nindent 8 }}
    {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }}
      securityContext:
    {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }}
    {{- else if .Values.global.securityContext }}
      securityContext:
    {{- toYaml .Values.global.securityContext | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "aggregator.serviceAccountName" . }}
      volumes:
        - name: aggregator-staging
          emptyDir:
            sizeLimit: {{ .Values.kubecostAggregator.stagingEmptyDirSizeLimit }}
        {{- $etlBackupBucketSecret := "" }}
        {{- if .Values.kubecostModel.federatedStorageConfigSecret }}
            {{- $etlBackupBucketSecret = .Values.kubecostModel.federatedStorageConfigSecret }}
        {{- end }}
        {{- if $etlBackupBucketSecret }}
        {{- if .Values.kubecostModel.federatedStorageConfigSecret }}
        - name: federated-storage-config
          secret:
            defaultMode: 420
            secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }}
        {{- end }}
        - name: etl-bucket-config
          secret:
            defaultMode: 420
            secretName: {{ $etlBackupBucketSecret }}
        {{- else }}
        {{- fail "\n\nKubecost Aggregator Enterprise Config requires .Values.kubecostModel.federatedStorageConfigSecret" }}
        {{- end }}
        {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
        - name: productkey-secret
          secret:
            secretName: {{ .Values.kubecostProductConfigs.productKey.secretname }}
            items:
            - key: productkey.json
              path: productkey.json
        {{- end }}
        {{- if .Values.saml }}
        {{- if .Values.saml.enabled }}
        {{- if .Values.saml.secretName }}
        - name: secret-volume
          secret:
            secretName: {{ .Values.saml.secretName }}
        {{- end }}
        {{- if .Values.saml.encryptionCertSecret }}
        - name: saml-encryption-cert
          secret:
            secretName: {{ .Values.saml.encryptionCertSecret }}
        {{- end }}
        {{- if .Values.saml.decryptionKeySecret }}
        - name: saml-decryption-key
          secret:
            secretName: {{ .Values.saml.decryptionKeySecret }}
        {{- end }}
        {{- if .Values.saml.metadataSecretName }}
        - name: metadata-secret-volume
          secret:
            secretName: {{ .Values.saml.metadataSecretName }}
        {{- end }}
        - name: saml-auth-secret
          secret:
            secretName: {{ .Values.saml.authSecretName | default "kubecost-saml-secret" }}
        {{- if .Values.saml.rbac.enabled }}
        - name: saml-roles
          configMap:
            name: {{ template "cost-analyzer.fullname" . }}-saml
        {{- end }}
        {{- end }}
        {{- end }}
        {{- if .Values.oidc }}
        {{- if .Values.oidc.enabled }}
        - name: oidc-config
          configMap:
            name: {{ template "cost-analyzer.fullname" . }}-oidc
        {{- if and (not .Values.oidc.existingCustomSecret.enabled) .Values.oidc.secretName }}
        - name: oidc-client-secret
          secret:
            secretName: {{ .Values.oidc.secretName }}
        {{- end }}
        {{- if .Values.oidc.existingCustomSecret.enabled }}
        - name: oidc-client-secret
          secret:
            secretName: {{ .Values.oidc.existingCustomSecret.name }}
        {{- end }}
        {{- end }}
        {{- end }}
        {{- if .Values.global.integrations.postgres.enabled }}
        - name: postgres-creds
          secret:
            {{- if not (eq .Values.global.integrations.postgres.databaseSecretName "") }}
            secretName: {{ .Values.global.integrations.postgres.databaseSecretName }}
            {{- else }}
            secretName: kubecost-integrations-postgres
            {{- end }}
        - name: postgres-queries
          configMap:
            name: kubecost-integrations-postgres-queries
        {{- end }}
        {{- if .Values.kubecostAggregator.extraVolumes }}
        {{- toYaml .Values.kubecostAggregator.extraVolumes | nindent 8 }}
        {{- end }}
      containers:
        {{- include "aggregator.containerTemplate" . | nindent 8 }}

        {{- if .Values.kubecostAggregator.jaeger.enabled }}
        {{ include "aggregator.jaeger.sidecarContainerTemplate" . | nindent 8 }}
        {{- end }}

    {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{ toYaml .Values.imagePullSecrets | indent 2 }}
    {{- end }}
      {{- if .Values.kubecostAggregator.priority }}
      {{- if .Values.kubecostAggregator.priority.enabled }}
      {{- if .Values.kubecostAggregator.priority.name }}
      priorityClassName: {{ .Values.kubecostAggregator.priority.name }}
      {{- else }}
      priorityClassName: {{ template "cost-analyzer.fullname" . }}-aggregator-priority
      {{- end }}
      {{- end }}
      {{- end }}
      {{- with .Values.kubecostAggregator.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.kubecostAggregator.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.kubecostAggregator.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}
{{- end }}