forked from github-mirrorer/rtomik-helm-charts
226 lines
8.2 KiB
YAML
226 lines
8.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "recipya.fullname" . }}
|
|
labels:
|
|
{{- include "recipya.labels" . | nindent 4 }}
|
|
annotations:
|
|
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
|
checksum/init-script: {{ include (print $.Template.BasePath "/configmap-init-script.yaml") . | sha256sum }}
|
|
spec:
|
|
replicas: {{ .Values.replicaCount }}
|
|
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "recipya.selectorLabels" . | nindent 6 }}
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
maxSurge: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "recipya.selectorLabels" . | nindent 8 }}
|
|
annotations:
|
|
{{- with .Values.podAnnotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
# Set security context for the pod
|
|
securityContext:
|
|
fsGroup: 1000
|
|
|
|
# Init container to configure the application
|
|
initContainers:
|
|
- name: init-config
|
|
image: alpine:3.18
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
echo "Installing jq..."
|
|
apk add --no-cache jq
|
|
echo "Running initialization script..."
|
|
/scripts/init.sh
|
|
securityContext:
|
|
runAsUser: 0 # Run as root to modify config files
|
|
runAsGroup: 0
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /home/recipya/.config/Recipya
|
|
- name: init-script
|
|
mountPath: /scripts
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
# Main application container
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
{{- if .Values.startupArgs }}
|
|
args:
|
|
{{- range .Values.startupArgs }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.service.port }}
|
|
protocol: TCP
|
|
{{- if .Values.probes.liveness.enabled }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: {{ .Values.probes.liveness.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
|
|
successThreshold: {{ .Values.probes.liveness.successThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.probes.readiness.enabled }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: {{ .Values.probes.readiness.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
|
|
successThreshold: {{ .Values.probes.readiness.successThreshold }}
|
|
{{- end }}
|
|
env:
|
|
# Critical environment variables for proper directory structure
|
|
- name: HOME
|
|
value: "/home/recipya"
|
|
- name: RECIPYA_SERVER_URL
|
|
value: {{ .Values.config.server.url | quote }}
|
|
- name: RECIPYA_SERVER_AUTOLOGIN
|
|
value: {{ .Values.config.server.autologin | quote }}
|
|
- name: RECIPYA_SERVER_IS_DEMO
|
|
value: {{ .Values.config.server.is_demo | quote }}
|
|
- name: RECIPYA_SERVER_IS_PROD
|
|
value: {{ .Values.config.server.is_prod | quote }}
|
|
- name: RECIPYA_SERVER_NO_SIGNUPS
|
|
value: {{ .Values.config.server.no_signups | quote }}
|
|
|
|
{{- if .Values.config.email.existingSecret }}
|
|
- name: RECIPYA_EMAIL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.email.existingSecret }}
|
|
key: {{ .Values.config.email.addressKey }}
|
|
- name: RECIPYA_EMAIL_SENDGRID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.email.existingSecret }}
|
|
key: {{ .Values.config.email.sendgridKey }}
|
|
{{- else }}
|
|
{{- if .Values.config.email.address }}
|
|
- name: RECIPYA_EMAIL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "recipya.fullname" . }}-secrets
|
|
key: {{ .Values.config.email.addressKey }}
|
|
optional: true
|
|
{{- end }}
|
|
{{- if .Values.config.email.sendgrid }}
|
|
- name: RECIPYA_EMAIL_SENDGRID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "recipya.fullname" . }}-secrets
|
|
key: {{ .Values.config.email.sendgridKey }}
|
|
optional: true
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.config.documentIntelligence.existingSecret }}
|
|
- name: RECIPYA_DI_ENDPOINT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.documentIntelligence.existingSecret }}
|
|
key: {{ .Values.config.documentIntelligence.endpointKey }}
|
|
- name: RECIPYA_DI_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.documentIntelligence.existingSecret }}
|
|
key: {{ .Values.config.documentIntelligence.keyKey }}
|
|
{{- else }}
|
|
{{- if .Values.config.documentIntelligence.endpoint }}
|
|
- name: RECIPYA_DI_ENDPOINT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "recipya.fullname" . }}-secrets
|
|
key: {{ .Values.config.documentIntelligence.endpointKey }}
|
|
optional: true
|
|
{{- end }}
|
|
{{- if .Values.config.documentIntelligence.key }}
|
|
- name: RECIPYA_DI_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "recipya.fullname" . }}-secrets
|
|
key: {{ .Values.config.documentIntelligence.keyKey }}
|
|
optional: true
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- range .Values.env }}
|
|
- name: {{ .name }}
|
|
value: {{ .value | quote }}
|
|
{{- end }}
|
|
|
|
{{- with .Values.extraEnv }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /home/recipya/.config/Recipya
|
|
{{- with .Values.extraVolumeMounts }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "recipya.fullname" . }}-data
|
|
- name: init-script
|
|
configMap:
|
|
name: {{ include "recipya.fullname" . }}-init-script
|
|
defaultMode: 0755
|
|
{{- with .Values.extraVolumes }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }} |