apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "opengist.fullname" . }} labels: {{- include "opengist.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} strategy: type: {{ .Values.strategy.type }} {{- if eq .Values.strategy.type "RollingUpdate" }} rollingUpdate: maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }} maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }} {{- end }} selector: matchLabels: {{- include "opengist.selectorLabels" . | nindent 6 }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{- toYaml .Values.podAnnotations | nindent 8 }} {{- end }} labels: {{- include "opengist.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: initContainers: - name: init-config image: busybox command: [ "/bin/sh", "/scripts/replace_secrets.sh" ] volumeMounts: - name: config-template mountPath: /tmp/config - name: secret-config mountPath: /tmp/secrets readOnly: true - name: scripts mountPath: /scripts - name: config mountPath: /config {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "opengist.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: {{ include "opengist.image" $ }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.serviceHttp.port }} protocol: TCP {{- if .Values.livenessProbe.enabled }} livenessProbe: {{- toYaml (omit .Values.livenessProbe "enabled") | nindent 12 }} httpGet: port: http path: /healthcheck {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: {{- toYaml (omit .Values.readinessProbe "enabled") | nindent 12 }} httpGet: port: http path: /healthcheck {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} envFrom: - configMapRef: name: {{ include "opengist.fullname" . }} {{ with .Values.env }} env: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: opengist-data mountPath: /opengist - name: config mountPath: /config.yml subPath: config.yml {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} volumes: - name: opengist-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default ( include "opengist.fullname" . ) }} {{- else }} emptyDir: {} {{- end }} - name: config emptyDir: {} - name: config-template configMap: name: {{ include "opengist.fullname" . }} - name: secret-config secret: secretName: {{ include "opengist.fullname" . }}-secret - name: scripts configMap: name: {{ include "opengist.fullname" . }} items: - key: replace_secrets.sh path: replace_secrets.sh mode: 0755 {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}