---
# Netmaker server StatefulSet: 3 replicas behind the netmaker-headless Service,
# all mounting the same shared-certs PVC at /etc/netmaker/.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: netmaker
  labels:
    app: netmaker
spec:
  replicas: 3
  serviceName: netmaker-headless
  selector:
    matchLabels:
      app: netmaker
  template:
    metadata:
      labels:
        app: netmaker
    spec:
      initContainers:
        # Enables IPv4/IPv6 forwarding and src_valid_mark before the server
        # container starts.
        - name: init-sysctl
          # NOTE(review): no tag or digest, so this resolves to whatever the
          # registry serves by default, and IfNotPresent lets nodes keep
          # different cached copies. This container runs privileged, so pin it
          # to a reviewed image: busybox:<pinned-tag>@sha256:<digest>.
          image: busybox
          imagePullPolicy: IfNotPresent
          command:
            - "/bin/sh"
            - "-c"
          # Folded scalar: the lines below join into one "a && b && c && d"
          # command string, so a failing sysctl stops the chain.
          args:
            - >-
              sysctl -w net.ipv4.ip_forward=1 &&
              sysctl -w net.ipv4.conf.all.src_valid_mark=1 &&
              sysctl -w net.ipv6.conf.all.disable_ipv6=0 &&
              sysctl -w net.ipv6.conf.all.forwarding=1
          # NOTE(review): privileged is presumably here only so /proc/sys is
          # writable. If the kubelet allows these net.* sysctls, pod-level
          # securityContext.sysctls would remove the privileged container.
          # Confirm against cluster policy.
          securityContext:
            privileged: true
      # NOTE(review): ClusterFirstWithHostNet is meant for pods that set
      # hostNetwork: true, which this spec does not. Confirm which is intended.
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: netmaker
          # NOTE(review): pinned by tag only. With imagePullPolicy Always, a
          # re-pushed v1.1.0 tag is picked up on the next pod restart; append
          # @sha256:<digest> to make the deployed image immutable.
          image: gravitl/netmaker:v1.1.0
          imagePullPolicy: Always
          env:
            # Pod name via the downward API, so each replica gets its own id.
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: SERVER_NAME
              value: "broker.netmaker-test.infra.dubyatp.xyz"
            - name: SERVER_API_CONN_STRING
              value: "api.netmaker-test.infra.dubyatp.xyz:443"
            - name: SERVER_HTTP_HOST
              value: "api.netmaker-test.infra.dubyatp.xyz"
            - name: API_PORT
              value: "8081"
            - name: WG_QUICK_USERSPACE_IMPLEMENTATION
              value: "wireguard-go"
            # "off"/"on" must stay quoted or YAML 1.1 parsers read booleans.
            - name: DNS_MODE
              value: "off"
            # NOTE(review): presumably lets the UI show key material. Confirm
            # this is wanted before reusing the manifest outside a test setup.
            - name: DISPLAY_KEYS
              value: "on"
            - name: DATABASE
              value: "postgres"
            - name: SQL_HOST
              value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local"
            - name: SQL_PORT
              value: "5432"
            - name: SQL_DB
              value: "netmaker"
            - name: SQL_USER
              value: "netmaker"
            # Credentials below are read from Secrets, not inlined here.
            - name: SQL_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres-pw
                  key: password
            - name: MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: netmaker-secrets
                  key: master_key
            - name: MQ_USERNAME
              value: "netmaker"
            - name: MQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: netmaker-secrets
                  key: mq_password
            # NOTE(review): wildcard lets any web origin make cross-origin
            # calls to the API. Restrict to the dashboard origin, e.g.
            # https://<dashboard-host>.
            - name: CORS_ALLOWED_ORIGIN
              value: "*"
            # NOTE(review): plain ws:// to the in-cluster broker, while the
            # external BROKER_ENDPOINT uses wss://. MQ credentials cross the
            # pod network unencrypted unless another layer (mesh mTLS,
            # encrypted CNI) covers it. Confirm.
            - name: SERVER_BROKER_ENDPOINT
              value: "ws://mq:1883"
            - name: BROKER_ENDPOINT
              value: "wss://broker.netmaker-test.infra.dubyatp.xyz"
            - name: PLATFORM
              value: "Kubernetes"
            - name: VERBOSITY
              value: "3"
          ports:
            # API port; matches API_PORT above.
            - containerPort: 8081
              protocol: TCP
            # UDP range 31821-31830.
            - containerPort: 31821
              protocol: UDP
            - containerPort: 31822
              protocol: UDP
            - containerPort: 31823
              protocol: UDP
            - containerPort: 31824
              protocol: UDP
            - containerPort: 31825
              protocol: UDP
            - containerPort: 31826
              protocol: UDP
            - containerPort: 31827
              protocol: UDP
            - containerPort: 31828
              protocol: UDP
            - containerPort: 31829
              protocol: UDP
            - containerPort: 31830
              protocol: UDP
          # NOTE(review): no requests or limits are set, so nothing bounds
          # this pod's CPU or memory use on the node.
          resources: {}
          # NOTE(review): NET_ADMIN and NET_RAW are added on top of the
          # runtime's default capability set; nothing is dropped, and
          # allowPrivilegeEscalation, runAsNonRoot and readOnlyRootFilesystem
          # are unset. Consider drop: [ALL] plus these two, once the server is
          # verified to start that way.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
          volumeMounts:
            - name: shared-certs
              mountPath: /etc/netmaker/
      volumes:
        # NOTE(review): one claim shared by all 3 replicas, so it presumably
        # needs a ReadWriteMany access mode, and every replica can write to
        # whatever is stored under /etc/netmaker/. Confirm against the PVC.
        - name: shared-certs
          persistentVolumeClaim:
            claimName: shared-certs-pvc