apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "donetick.fullname" . }} labels: {{- include "donetick.labels" . | nindent 4 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{- include "donetick.selectorLabels" . | nindent 6 }} strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 template: metadata: labels: {{- include "donetick.selectorLabels" . | nindent 8 }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/donetick"] {{- if .Values.startupArgs }} args: {{- range .Values.startupArgs }} - {{ . | quote }} {{- end }} {{- end }} ports: - name: http containerPort: {{ .Values.config.server.port }} protocol: TCP {{- if .Values.probes.startup.enabled }} startupProbe: httpGet: path: {{ .Values.probes.startup.path }} port: http initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }} periodSeconds: {{ .Values.probes.startup.periodSeconds }} timeoutSeconds: {{ .Values.probes.startup.timeoutSeconds }} failureThreshold: {{ .Values.probes.startup.failureThreshold }} successThreshold: {{ .Values.probes.startup.successThreshold }} {{- end }} {{- if .Values.probes.liveness.enabled }} livenessProbe: httpGet: path: {{ .Values.probes.liveness.path }} port: http initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.probes.liveness.periodSeconds }} timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} successThreshold: {{ .Values.probes.liveness.successThreshold }} {{- end }} {{- if .Values.probes.readiness.enabled }} readinessProbe: httpGet: path: {{ .Values.probes.readiness.path }} port: http initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.probes.readiness.periodSeconds }} timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }} failureThreshold: {{ .Values.probes.readiness.failureThreshold }} successThreshold: {{ .Values.probes.readiness.successThreshold }} {{- end }} env: {{- range .Values.env }} - name: {{ .name }} value: {{ .value | quote }} {{- end }} # Database configuration environment variables {{- if eq .Values.config.database.type "postgres" }} - name: DT_DATABASE_TYPE value: "postgres" - name: DT_DATABASE_HOST value: {{ .Values.config.database.host | quote }} - name: DT_DATABASE_PORT value: {{ .Values.config.database.port | quote }} - name: DT_DATABASE_NAME value: {{ .Values.config.database.name | quote }} {{- if .Values.config.database.secrets.existingSecret }} - name: DT_DATABASE_USER valueFrom: secretKeyRef: name: {{ .Values.config.database.secrets.existingSecret }} key: {{ .Values.config.database.secrets.userKey }} - name: DT_DATABASE_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.config.database.secrets.existingSecret }} key: {{ .Values.config.database.secrets.passwordKey }} {{- end }} {{- else }} - name: DT_DATABASE_TYPE value: {{ .Values.config.database.type | quote }} {{- end }} # JWT configuration {{- if .Values.config.jwt.existingSecret }} - name: DT_JWT_SECRET valueFrom: secretKeyRef: name: {{ .Values.config.jwt.existingSecret }} key: {{ .Values.config.jwt.secretKey }} {{- else }} - name: DT_JWT_SECRET value: {{ .Values.config.jwt.secret | quote }} {{- end }} # OAuth2 configuration {{- if .Values.config.oauth2.existingSecret }} - name: DT_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ .Values.config.oauth2.existingSecret }} key: {{ .Values.config.oauth2.clientIdKey }} - name: DT_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ .Values.config.oauth2.existingSecret }} key: {{ .Values.config.oauth2.clientSecretKey }} {{- end }} {{- with .Values.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: config mountPath: /config readOnly: true - name: data mountPath: /donetick-data {{- if not .Values.containerSecurityContext.readOnlyRootFilesystem }} - name: tmp mountPath: /tmp {{- end }} {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: config configMap: name: {{ include "donetick.fullname" . }}-configmap {{- if .Values.persistence.enabled }} - name: data persistentVolumeClaim: claimName: {{ include "donetick.fullname" . }}-data {{- else }} - name: data emptyDir: {} {{- end }} {{- if not .Values.containerSecurityContext.readOnlyRootFilesystem }} - name: tmp emptyDir: {} {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}