mirror of
https://github.com/rtomik/helm-charts.git
synced 2026-04-05 09:40:38 +00:00
337 lines
14 KiB
YAML
337 lines
14 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "mealie.fullname" . }}
|
|
labels:
|
|
{{- include "mealie.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.replicaCount }}
|
|
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "mealie.selectorLabels" . | nindent 6 }}
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
maxSurge: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "mealie.selectorLabels" . | nindent 8 }}
|
|
annotations:
|
|
{{- with .Values.podAnnotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
ports:
|
|
- name: http
|
|
containerPort: 9000
|
|
protocol: TCP
|
|
{{- if .Values.probes.liveness.enabled }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: {{ .Values.probes.liveness.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
|
|
successThreshold: {{ .Values.probes.liveness.successThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.probes.readiness.enabled }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: {{ .Values.probes.readiness.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
|
|
successThreshold: {{ .Values.probes.readiness.successThreshold }}
|
|
{{- end }}
|
|
env:
|
|
{{- range $key, $value := .Values.env }}
|
|
- name: {{ $key }}
|
|
value: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- if .Values.postgresql.external.enabled }}
|
|
- name: DB_ENGINE
|
|
value: "postgres"
|
|
- name: POSTGRES_SERVER
|
|
value: {{ .Values.postgresql.external.host | quote }}
|
|
- name: POSTGRES_PORT
|
|
value: {{ .Values.postgresql.external.port | quote }}
|
|
- name: POSTGRES_DB
|
|
value: {{ .Values.postgresql.external.database | quote }}
|
|
- name: POSTGRES_USER
|
|
{{- if .Values.postgresql.external.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.postgresql.external.existingSecret }}
|
|
key: {{ .Values.postgresql.external.userKey }}
|
|
{{- else }}
|
|
value: {{ .Values.postgresql.external.user | quote }}
|
|
{{- end }}
|
|
- name: POSTGRES_PASSWORD
|
|
{{- if .Values.postgresql.external.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.postgresql.external.existingSecret }}
|
|
key: {{ .Values.postgresql.external.passwordKey }}
|
|
{{- else }}
|
|
value: {{ .Values.postgresql.external.password | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.email.enabled }}
|
|
- name: SMTP_HOST
|
|
{{- if .Values.email.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.email.existingSecret }}
|
|
key: "smtp-host"
|
|
{{- else }}
|
|
value: {{ .Values.email.host | quote }}
|
|
{{- end }}
|
|
- name: SMTP_PORT
|
|
value: {{ .Values.email.port | quote }}
|
|
- name: SMTP_FROM_NAME
|
|
value: {{ .Values.email.fromName | quote }}
|
|
- name: SMTP_AUTH_STRATEGY
|
|
value: {{ .Values.email.authStrategy | quote }}
|
|
- name: SMTP_FROM_EMAIL
|
|
value: {{ .Values.email.fromEmail | quote }}
|
|
{{- if and .Values.email.user (or (eq .Values.email.authStrategy "TLS") (eq .Values.email.authStrategy "SSL")) }}
|
|
- name: SMTP_USER
|
|
{{- if .Values.email.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.email.existingSecret }}
|
|
key: {{ .Values.email.userKey }}
|
|
{{- else }}
|
|
value: {{ .Values.email.user | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if and .Values.email.password (or (eq .Values.email.authStrategy "TLS") (eq .Values.email.authStrategy "SSL")) }}
|
|
- name: SMTP_PASSWORD
|
|
{{- if .Values.email.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.email.existingSecret }}
|
|
key: {{ .Values.email.passwordKey }}
|
|
{{- else }}
|
|
value: {{ .Values.email.password | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.ldap.enabled }}
|
|
- name: LDAP_AUTH_ENABLED
|
|
value: "true"
|
|
- name: LDAP_SERVER_URL
|
|
value: {{ .Values.ldap.serverUrl | quote }}
|
|
- name: LDAP_TLS_INSECURE
|
|
value: {{ .Values.ldap.tlsInsecure | quote }}
|
|
{{- if .Values.ldap.tlsCaCertFile }}
|
|
- name: LDAP_TLS_CACERTFILE
|
|
value: {{ .Values.ldap.tlsCaCertFile | quote }}
|
|
{{- end }}
|
|
- name: LDAP_ENABLE_STARTTLS
|
|
value: {{ .Values.ldap.enableStartTls | quote }}
|
|
- name: LDAP_BASE_DN
|
|
value: {{ .Values.ldap.baseDn | quote }}
|
|
{{- if .Values.ldap.queryBind }}
|
|
- name: LDAP_QUERY_BIND
|
|
value: {{ .Values.ldap.queryBind | quote }}
|
|
{{- end }}
|
|
{{- if .Values.ldap.queryPassword }}
|
|
- name: LDAP_QUERY_PASSWORD
|
|
{{- if .Values.ldap.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.ldap.existingSecret }}
|
|
key: {{ .Values.ldap.passwordKey }}
|
|
{{- else }}
|
|
value: {{ .Values.ldap.queryPassword | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.ldap.userFilter }}
|
|
- name: LDAP_USER_FILTER
|
|
value: {{ .Values.ldap.userFilter | quote }}
|
|
{{- end }}
|
|
{{- if .Values.ldap.adminFilter }}
|
|
- name: LDAP_ADMIN_FILTER
|
|
value: {{ .Values.ldap.adminFilter | quote }}
|
|
{{- end }}
|
|
- name: LDAP_ID_ATTRIBUTE
|
|
value: {{ .Values.ldap.idAttribute | quote }}
|
|
- name: LDAP_NAME_ATTRIBUTE
|
|
value: {{ .Values.ldap.nameAttribute | quote }}
|
|
- name: LDAP_MAIL_ATTRIBUTE
|
|
value: {{ .Values.ldap.mailAttribute | quote }}
|
|
{{- end }}
|
|
{{- if .Values.oidc.enabled }}
|
|
- name: OIDC_AUTH_ENABLED
|
|
value: "true"
|
|
- name: OIDC_SIGNUP_ENABLED
|
|
value: {{ .Values.oidc.signupEnabled | quote }}
|
|
- name: OIDC_CONFIGURATION_URL
|
|
value: {{ .Values.oidc.configurationUrl | quote }}
|
|
- name: OIDC_CLIENT_ID
|
|
{{- if .Values.oidc.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.oidc.existingSecret }}
|
|
key: {{ .Values.oidc.clientIdKey }}
|
|
{{- else }}
|
|
value: {{ .Values.oidc.clientId | quote }}
|
|
{{- end }}
|
|
- name: OIDC_CLIENT_SECRET
|
|
{{- if .Values.oidc.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.oidc.existingSecret }}
|
|
key: {{ .Values.oidc.clientSecretKey }}
|
|
{{- else }}
|
|
value: {{ .Values.oidc.clientSecret | quote }}
|
|
{{- end }}
|
|
{{- if .Values.oidc.userGroup }}
|
|
- name: OIDC_USER_GROUP
|
|
value: {{ .Values.oidc.userGroup | quote }}
|
|
{{- end }}
|
|
{{- if .Values.oidc.adminGroup }}
|
|
- name: OIDC_ADMIN_GROUP
|
|
value: {{ .Values.oidc.adminGroup | quote }}
|
|
{{- end }}
|
|
- name: OIDC_AUTO_REDIRECT
|
|
value: {{ .Values.oidc.autoRedirect | quote }}
|
|
- name: OIDC_PROVIDER_NAME
|
|
value: {{ .Values.oidc.providerName | quote }}
|
|
- name: OIDC_REMEMBER_ME
|
|
value: {{ .Values.oidc.rememberMe | quote }}
|
|
- name: OIDC_SIGNING_ALGORITHM
|
|
value: {{ .Values.oidc.signingAlgorithm | quote }}
|
|
- name: OIDC_USER_CLAIM
|
|
value: {{ .Values.oidc.userClaim | quote }}
|
|
- name: OIDC_NAME_CLAIM
|
|
value: {{ .Values.oidc.nameClaim | quote }}
|
|
- name: OIDC_GROUPS_CLAIM
|
|
value: {{ .Values.oidc.groupsClaim | quote }}
|
|
{{- if .Values.oidc.scopesOverride }}
|
|
- name: OIDC_SCOPES_OVERRIDE
|
|
value: {{ .Values.oidc.scopesOverride | quote }}
|
|
{{- end }}
|
|
{{- if .Values.oidc.tlsCaCertFile }}
|
|
- name: OIDC_TLS_CACERTFILE
|
|
value: {{ .Values.oidc.tlsCaCertFile | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.openai.enabled }}
|
|
{{- if .Values.openai.baseUrl }}
|
|
- name: OPENAI_BASE_URL
|
|
value: {{ .Values.openai.baseUrl | quote }}
|
|
{{- end }}
|
|
- name: OPENAI_API_KEY
|
|
{{- if .Values.openai.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.openai.existingSecret }}
|
|
key: {{ .Values.openai.apiKeyKey }}
|
|
{{- else }}
|
|
value: {{ .Values.openai.apiKey | quote }}
|
|
{{- end }}
|
|
- name: OPENAI_MODEL
|
|
value: {{ .Values.openai.model | quote }}
|
|
{{- if .Values.openai.customHeaders }}
|
|
- name: OPENAI_CUSTOM_HEADERS
|
|
value: {{ .Values.openai.customHeaders | quote }}
|
|
{{- end }}
|
|
{{- if .Values.openai.customParams }}
|
|
- name: OPENAI_CUSTOM_PARAMS
|
|
value: {{ .Values.openai.customParams | quote }}
|
|
{{- end }}
|
|
- name: OPENAI_ENABLE_IMAGE_SERVICES
|
|
value: {{ .Values.openai.enableImageServices | quote }}
|
|
- name: OPENAI_WORKERS
|
|
value: {{ .Values.openai.workers | quote }}
|
|
- name: OPENAI_SEND_DATABASE_DATA
|
|
value: {{ .Values.openai.sendDatabaseData | quote }}
|
|
- name: OPENAI_REQUEST_TIMEOUT
|
|
value: {{ .Values.openai.requestTimeout | quote }}
|
|
{{- end }}
|
|
{{- if .Values.tls.enabled }}
|
|
{{- if .Values.tls.existingSecret }}
|
|
- name: TLS_CERTIFICATE_PATH
|
|
value: "/app/certs/{{ .Values.tls.certificateKey }}"
|
|
- name: TLS_PRIVATE_KEY_PATH
|
|
value: "/app/certs/{{ .Values.tls.privateKeyKey }}"
|
|
{{- else }}
|
|
- name: TLS_CERTIFICATE_PATH
|
|
value: {{ .Values.tls.certificatePath | quote }}
|
|
- name: TLS_PRIVATE_KEY_PATH
|
|
value: {{ .Values.tls.privateKeyPath | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- range $key, $value := .Values.theme.light }}
|
|
- name: THEME_LIGHT_{{ $key | upper }}
|
|
value: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- range $key, $value := .Values.theme.dark }}
|
|
- name: THEME_DARK_{{ $key | upper }}
|
|
value: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- with .Values.extraEnv }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /app/data
|
|
{{- if and .Values.tls.enabled .Values.tls.existingSecret }}
|
|
- name: tls-certs
|
|
mountPath: /app/certs
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- with .Values.extraVolumeMounts }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumes:
|
|
- name: data
|
|
{{- if .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "mealie.fullname" . }}-data
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if and .Values.tls.enabled .Values.tls.existingSecret }}
|
|
- name: tls-certs
|
|
secret:
|
|
secretName: {{ .Values.tls.existingSecret }}
|
|
{{- end }}
|
|
{{- with .Values.extraVolumes }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }} |