apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ .Chart.Name }}-{{ .Chart.Version  | replace "." "-"}}-{{ .Release.Name }}-{{ .Values.statefulset.name }}
  namespace: {{ .Values.namespaces.nexusNs }}
  labels:
    app: nxrm
spec:
  replicas: {{.Values.statefulset.replicaCount}}
  serviceName: "{{ .Chart.Name }}-{{ .Chart.Version  | replace "." "-"}}-{{ .Release.Name }}-{{ .Values.statefulset.name }}"
  selector:
    matchLabels:
      app: nxrm
  template:
    metadata:
      labels:
        app: nxrm
    spec:
      serviceAccountName: {{ .Values.serviceAccount.name }}
      initContainers:
        # chown nexus-data to 'nexus' user and init log directories/files for a new pod
        # otherwise the side car containers will crash a couple of times and backoff whilst waiting
        # for nxrm-app to start and this increases the total start up time.
        - name: chown-nexusdata-owner-to-nexus-and-init-log-dir
          image: {{ .Values.statefulset.initContainer.image.repository }}:{{ .Values.statefulset.initContainer.image.tag }}
          command: [/bin/sh]
          args:
            - -c
            - >-
              mkdir -p /nexus-data/etc/logback &&
              mkdir -p /nexus-data/log/tasks &&
              mkdir -p /nexus-data/log/audit &&
              touch -a /nexus-data/log/tasks/allTasks.log &&
              touch -a /nexus-data/log/audit/audit.log &&
              touch -a /nexus-data/log/request.log &&
              chown -R '200:200' /nexus-data
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
      terminationGracePeriodSeconds: 20
      containers:
        - name: nxrm-app
          image: {{ .Values.statefulset.container.image.repository }}:{{ .Values.statefulset.container.image.tag }}
          securityContext:
            runAsUser: 200
          imagePullPolicy: {{ .Values.statefulset.container.pullPolicy }}
          ports:
            - containerPort: {{ .Values.statefulset.container.containerPort }}
          env:
            - name: DB_NAME
              value: "{{ .Values.statefulset.container.env.nexusDBName }}"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nxrm-db-secret
                  key: db-password
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: nxrm-db-secret
                  key: db-user
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  name: nxrm-db-secret
                  key: db-host
            - name: NEXUS_SECURITY_INITIAL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nxrm-admin-secret
                  key: nexus-admin-password
            - name: NEXUS_SECURITY_RANDOMPASSWORD
              value: "false"
            - name: INSTALL4J_ADD_VM_PARAMS
              value: "{{ .Values.statefulset.container.env.install4jAddVmParams }} -Dnexus.licenseFile=/nxrm-secrets/{{ .Values.secret.license.alias }} \
          -Dnexus.datastore.enabled=true -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs \
          -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://${DB_HOST}:{{ .Values.statefulset.container.env.nexusDBPort }}/${DB_NAME} \
          -Dnexus.datastore.nexus.username=${DB_USER} \
          -Dnexus.datastore.nexus.password=${DB_PASSWORD}"
          volumeMounts:
            - mountPath: /nxrm-secrets
              name: nxrm-secrets
            - name: nexus-data
              mountPath: /nexus-data
            - name: logback-tasklogfile-override
              mountPath: /nexus-data/etc/logback/logback-tasklogfile-appender-override.xml
              subPath: logback-tasklogfile-appender-override.xml
        - name: request-log
          image: {{ .Values.statefulset.requestLogContainer.image.repository }}:{{ .Values.statefulset.requestLogContainer.image.tag }}
          args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/request.log']
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
        - name: audit-log
          image: {{ .Values.statefulset.auditLogContainer.image.repository }}:{{ .Values.statefulset.auditLogContainer.image.tag }}
          args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/audit/audit.log']
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
        - name: tasks-log
          image: {{ .Values.statefulset.taskLogContainer.image.repository }}:{{ .Values.statefulset.taskLogContainer.image.tag }}
          args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/tasks/allTasks.log']
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
      volumes:
        - name: nxrm-secrets
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-secret
              fsType: ext4
        - name: logback-tasklogfile-override
          configMap:
            name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-logback-tasklogfile-override
            items:
              - key: logback-tasklogfile-appender-override.xml
                path: logback-tasklogfile-appender-override.xml
  volumeClaimTemplates:
    - metadata:
        name: nexus-data
      spec:
        accessModes: [ "{{.Values.pvc.accessModes }}" ]
        storageClassName: "{{ .Chart.Name }}-{{ .Chart.Version}}-{{ .Release.Name }}-ebs-storage"
        resources:
          requests:
            storage: {{.Values.pvc.storage }}