opengist/deploy/helm/templates/deployment.yaml
2024-09-05 01:23:55 +02:00

135 lines
4.5 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "opengist.fullname" . }}
labels:
{{- include "opengist.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
strategy:
type: {{ .Values.strategy.type }}
{{- if eq .Values.strategy.type "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "opengist.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "opengist.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
initContainers:
- name: init-config
image: busybox
command: [ "/bin/sh", "/scripts/replace_secrets.sh" ]
volumeMounts:
- name: config-template
mountPath: /tmp/config
- name: secret-config
mountPath: /tmp/secrets
readOnly: true
- name: scripts
mountPath: /scripts
- name: config
mountPath: /config
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "opengist.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "opengist.image" $ }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.serviceHttp.port }}
protocol: TCP
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
{{- toYaml (omit .Values.livenessProbe "enabled") | nindent 12 }}
httpGet:
port: http
path: /healthcheck
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
{{- toYaml (omit .Values.readinessProbe "enabled") | nindent 12 }}
httpGet:
port: http
path: /healthcheck
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
envFrom:
- configMapRef:
name: {{ include "opengist.fullname" . }}
{{ with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: opengist-data
mountPath: {{ .Values.persistence.filestore_dir }}
- name: config
mountPath: /config.yml
subPath: config.yml
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
volumes:
- name: opengist-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "opengist.fullname" . ) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: config
emptyDir: {}
- name: config-template
configMap:
name: {{ include "opengist.fullname" . }}
- name: secret-config
secret:
secretName: {{ include "opengist.fullname" . }}-secret
- name: scripts
configMap:
name: {{ include "opengist.fullname" . }}
items:
- key: replace_secrets.sh
path: replace_secrets.sh
mode: 0755
{{- if .Values.volumes }}
{{- toYaml .Values.volumes | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}