# Copyright © 2020 Interplanetary Database Association e.V.,
# Planetmint and IPDB software contributors.
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0

########################################################################
# This YAML file desribes a StatefulSet with a service for running and #
# exposing a MongoDB instance.                                         #
# It depends on the configdb and db k8s pvc.                           #
########################################################################

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mdb-instance-0-ss
  namespace: default
spec:
  serviceName: mdb-instance-0
  replicas: 1
  template:
    metadata:
      name: mdb-instance-0-ss
      labels:
        app: mdb-instance-0-ss
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: mongodb
        image: planetmint/localmongodb:2.2.2
        imagePullPolicy: Always
        env:
        - name: MONGODB_FQDN
          valueFrom:
            configMapKeyRef:
             name: vars
             key: mdb-instance-name
        - name: MONGODB_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MONGODB_PORT
          valueFrom:
            configMapKeyRef:
             name: vars
             key: mongodb-backend-port
        - name: STORAGE_ENGINE_CACHE_SIZE
          valueFrom:
            configMapKeyRef:
             name: vars
             key: storage-engine-cache-size
        - name: MONGODB_ADMIN_USERNAME
          valueFrom:
            configMapKeyRef:
             name: mdb-config
             key: mdb-admin-username
        - name: BDB_USERNAME
          valueFrom:
            configMapKeyRef:
             name: bdb-config
             key: bdb-user
        - name: MDB_MON_USERNAME
          valueFrom:
            configMapKeyRef:
             name: mdb-config
             key: mdb-mon-user
        args:
        - --mongodb-port
        - $(MONGODB_PORT)
        - --mongodb-key-file-path
        - /etc/mongod/ssl/mdb-instance.pem
        - --mongodb-ca-file-path
        - /etc/mongod/ca/ca.pem
        - --mongodb-crl-file-path
        - /etc/mongod/ca/crl.pem
        - --mongodb-fqdn
        - $(MONGODB_FQDN)
        - --mongodb-ip
        - $(MONGODB_POD_IP)
        - --storage-engine-cache-size
        - $(STORAGE_ENGINE_CACHE_SIZE)
        securityContext:
          capabilities:
            add:
            - FOWNER
        ports:
        - containerPort: 27017
          protocol: TCP
          name: mdb-api-port
        volumeMounts:
        - name: mdb-db
          mountPath: /data/db
        - name: mdb-configdb
          mountPath: /data/configdb
        - name: mdb-certs
          mountPath: /etc/mongod/ssl/
          readOnly: true
        - name: ca-auth
          mountPath: /etc/mongod/ca/
          readOnly: true
        - name: mdb-config
          mountPath: /tmp/mongodb
          readOnly: true
        resources:
          limits:
            cpu: 200m
            memory: 5G
        livenessProbe:
          tcpSocket:
            port: mdb-api-port
          initialDelaySeconds: 15
          successThreshold: 1
          failureThreshold: 3
          periodSeconds: 15
          timeoutSeconds: 10
      restartPolicy: Always
      volumes:
      - name: mdb-db
        persistentVolumeClaim:
          claimName: mongo-db-claim
      - name: mdb-configdb
        persistentVolumeClaim:
          claimName: mongo-configdb-claim
      - name: mdb-certs
        secret:
          secretName: mdb-certs
          defaultMode: 0400
      - name: ca-auth
        secret:
          secretName: ca-auth
          defaultMode: 0400
      - name: mdb-config
        secret:
          secretName: mdb-config
          defaultMode: 0400