GHP publish
This commit is contained in:
220
chartmuseum/templates/deployment.yaml
Executable file
220
chartmuseum/templates/deployment.yaml
Executable file
@@ -0,0 +1,220 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "chartmuseum.fullname" . }}
|
||||
annotations:
|
||||
{{ toYaml .Values.deployment.annotations | indent 4 }}
|
||||
labels:
|
||||
{{ include "chartmuseum.labels.standard" . | indent 4 }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{ toYaml .Values.deployment.labels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "chartmuseum.name" . }}
|
||||
release: {{ .Release.Name | quote }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{ toYaml .Values.deployment.labels | indent 6 }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
strategy:
|
||||
{{ toYaml .Values.strategy | indent 4 }}
|
||||
revisionHistoryLimit: 10
|
||||
{{- if .Values.deployment.matchlabes }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ toYaml .Values.deployment.matchlabels | indent 6 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "chartmuseum.fullname" . }}
|
||||
annotations:
|
||||
{{ toYaml .Values.replica.annotations | indent 8 }}
|
||||
labels:
|
||||
app: {{ template "chartmuseum.name" . }}
|
||||
release: {{ .Release.Name | quote }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{ toYaml .Values.deployment.labels | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
{{- if .Values.securityContext.runAsNonRoot }}
|
||||
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext.supplementalGroups }}
|
||||
supplementalGroups: {{ .Values.securityContext.supplementalGroups }}
|
||||
{{- end }}
|
||||
{{- else if .Values.persistence.enabled }}
|
||||
initContainers:
|
||||
- name: volume-permissions
|
||||
image: {{ template "chartmuseum.volumePermissions.image" . }}
|
||||
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
|
||||
securityContext:
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
|
||||
command: ['sh', '-c', 'chown -R {{ .Values.securityContext.fsGroup }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.path }}']
|
||||
volumeMounts:
|
||||
- mountPath: {{ .Values.persistence.path }}
|
||||
name: storage-volume
|
||||
{{- end }}
|
||||
{{- include "chartmuseum.imagePullSecrets" . | indent 6 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
|
||||
env:
|
||||
{{- range $name, $value := .Values.env.open }}
|
||||
{{- if not (empty $value) }}
|
||||
- name: {{ $name | quote }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $value := .Values.env.field }}
|
||||
{{- if not ( empty $value) }}
|
||||
- name: {{ $name | quote }}
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.gcp.secret.enabled }}
|
||||
- name: GOOGLE_APPLICATION_CREDENTIALS
|
||||
value: "/etc/secrets/google/credentials.json"
|
||||
{{- end }}
|
||||
{{- if .Values.env.existingSecret }}
|
||||
{{- $secret_name := .Values.env.existingSecret }}
|
||||
{{- range $name, $key := .Values.env.existingSecretMappings }}
|
||||
{{- if not ( empty $key) }}
|
||||
- name: {{ $name | quote }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $secret_name | quote }}
|
||||
key: {{ $key | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- $secret_name := include "chartmuseum.fullname" . }}
|
||||
{{- range $name, $value := .Values.env.secret }}
|
||||
{{- if not ( empty $value) }}
|
||||
- name: {{ $name | quote }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $secret_name }}
|
||||
key: {{ $name | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.bearerAuth.secret.enabled }}
|
||||
- name: AUTH_CERT_PATH
|
||||
value: /var/keys/public-key.pem
|
||||
{{ end }}
|
||||
args:
|
||||
- --port=8080
|
||||
{{- if eq .Values.env.open.STORAGE "local" }}
|
||||
- --storage-local-rootdir={{ .Values.persistence.path }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraArgs }}
|
||||
{{ toYaml .Values.extraArgs | indent 8 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.env.open.CONTEXT_PATH }}/health
|
||||
port: http
|
||||
{{ toYaml .Values.probes.liveness | indent 10 }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.env.open.CONTEXT_PATH }}/health
|
||||
port: http
|
||||
{{ toYaml .Values.probes.readiness | indent 10 }}
|
||||
volumeMounts:
|
||||
{{- if eq .Values.env.open.STORAGE "local" }}
|
||||
- mountPath: {{ .Values.persistence.path }}
|
||||
name: storage-volume
|
||||
{{- end }}
|
||||
{{- if .Values.gcp.secret.enabled }}
|
||||
- mountPath: /etc/secrets/google
|
||||
name: {{ include "chartmuseum.fullname" . }}-gcp
|
||||
{{- end }}
|
||||
{{- if .Values.oracle.secret.enabled }}
|
||||
- mountPath: /home/chartmuseum/.oci
|
||||
name: {{ include "chartmuseum.fullname" . }}-oracle
|
||||
{{- end }}
|
||||
{{- if .Values.bearerAuth.secret.enabled }}
|
||||
- name: public-key
|
||||
mountPath: /var/keys
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.resources }}
|
||||
resources:
|
||||
{{ toYaml . | indent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployment.schedulerName }}
|
||||
schedulerName: {{ .Values.deployment.schedulerName }}
|
||||
{{- end -}}
|
||||
{{- if and .Values.serviceAccount.create .Values.serviceAccount.name }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
||||
{{- else if .Values.serviceAccount.create }}
|
||||
serviceAccountName: {{ include "chartmuseum.fullname" . }}
|
||||
{{- else if .Values.serviceAccount.name }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: storage-volume
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{ if .Values.gcp.secret.enabled }}
|
||||
- name: {{ include "chartmuseum.fullname" . }}-gcp
|
||||
secret:
|
||||
{{ if .Values.env.secret.GOOGLE_CREDENTIALS_JSON }}
|
||||
secretName: {{ include "chartmuseum.fullname" . }}
|
||||
items:
|
||||
- key: GOOGLE_CREDENTIALS_JSON
|
||||
path: credentials.json
|
||||
{{ else }}
|
||||
secretName: {{ .Values.gcp.secret.name }}
|
||||
items:
|
||||
- key: {{ .Values.gcp.secret.key }}
|
||||
path: credentials.json
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ if .Values.oracle.secret.enabled }}
|
||||
- name: {{ include "chartmuseum.fullname" . }}-oracle
|
||||
secret:
|
||||
secretName: {{ .Values.oracle.secret.name }}
|
||||
items:
|
||||
- key: {{ .Values.oracle.secret.config }}
|
||||
path: config
|
||||
- key: {{ .Values.oracle.secret.key_file }}
|
||||
path: oci.key
|
||||
{{ end }}
|
||||
{{- if .Values.bearerAuth.secret.enabled }}
|
||||
- name: public-key
|
||||
secret:
|
||||
secretName: {{ .Values.bearerAuth.secret.publicKeySecret }}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user