core-apps/netmaker/statefulset.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: netmaker
  name: netmaker
spec:
  replicas: 3
  serviceName: netmaker-headless
  selector:
    matchLabels:
      app: netmaker
  template:
    metadata:
      labels:
        app: netmaker
    spec:
      initContainers:
      - name: init-sysctl
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh", "-c"]
        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
        securityContext:
          privileged: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - env:
        - name: NODE_ID
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: SQL_PASS
          valueFrom:
            secretKeyRef:
              key: password
              name: postgres-pw
        - name: MASTER_KEY
          valueFrom:
            secretKeyRef:
              key: master_key
              name: netmaker-secrets
        - name: MQ_PASSWORD
          valueFrom:
            secretKeyRef:
              key: mq_password
              name: netmaker-secrets
        - name: TURN_SERVER_PASSWORD
          valueFrom:
            secretKeyRef:
              key: turn_password
              name: netmaker-secrets
        envFrom:
          - configMapRef:
              name: netmaker-config
        image: gravitl/netmaker:v1.1.0
        imagePullPolicy: Always
        name: netmaker
        ports:
        - containerPort: 8081
          protocol: TCP
        - containerPort: 31821
          protocol: UDP
        - containerPort: 31822
          protocol: UDP
        - containerPort: 31823
          protocol: UDP
        - containerPort: 31824
          protocol: UDP
        - containerPort: 31825
          protocol: UDP
        - containerPort: 31826
          protocol: UDP
        - containerPort: 31827
          protocol: UDP
        - containerPort: 31828
          protocol: UDP
        - containerPort: 31829
          protocol: UDP
        - containerPort: 31830
          protocol: UDP
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
        volumeMounts:
        - mountPath: /etc/netmaker/
          name: shared-certs
      volumes:
      - name: shared-certs
        persistentVolumeClaim:
          claimName: shared-certs-pvc