helm-charts/chartmuseum/templates/deployment.yaml
2021-01-17 04:09:41 +03:00

221 lines
7.4 KiB
YAML
Executable File

apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels | indent 6 }}
{{- end }}
replicas: {{ .Values.replicaCount }}
strategy:
{{ toYaml .Values.strategy | indent 4 }}
revisionHistoryLimit: 10
{{- if .Values.deployment.matchlabes }}
selector:
matchLabels:
{{ toYaml .Values.deployment.matchlabels | indent 6 }}
{{- end }}
template:
metadata:
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.replica.annotations | indent 8 }}
labels:
app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if .Values.securityContext.runAsNonRoot }}
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
{{- end }}
{{- if .Values.securityContext.supplementalGroups }}
supplementalGroups: {{ .Values.securityContext.supplementalGroups }}
{{- end }}
{{- else if .Values.persistence.enabled }}
initContainers:
- name: volume-permissions
image: {{ template "chartmuseum.volumePermissions.image" . }}
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
command: ['sh', '-c', 'chown -R {{ .Values.securityContext.fsGroup }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.path }}']
volumeMounts:
- mountPath: {{ .Values.persistence.path }}
name: storage-volume
{{- end }}
{{- include "chartmuseum.imagePullSecrets" . | indent 6 }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
env:
{{- range $name, $value := .Values.env.open }}
{{- if not (empty $value) }}
- name: {{ $name | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- range $name, $value := .Values.env.field }}
{{- if not ( empty $value) }}
- name: {{ $name | quote }}
valueFrom:
fieldRef:
fieldPath: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.gcp.secret.enabled }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/secrets/google/credentials.json"
{{- end }}
{{- if .Values.env.existingSecret }}
{{- $secret_name := .Values.env.existingSecret }}
{{- range $name, $key := .Values.env.existingSecretMappings }}
{{- if not ( empty $key) }}
- name: {{ $name | quote }}
valueFrom:
secretKeyRef:
name: {{ $secret_name | quote }}
key: {{ $key | quote }}
{{- end }}
{{- end }}
{{- else }}
{{- $secret_name := include "chartmuseum.fullname" . }}
{{- range $name, $value := .Values.env.secret }}
{{- if not ( empty $value) }}
- name: {{ $name | quote }}
valueFrom:
secretKeyRef:
name: {{ $secret_name }}
key: {{ $name | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: AUTH_CERT_PATH
value: /var/keys/public-key.pem
{{ end }}
args:
- --port=8080
{{- if eq .Values.env.open.STORAGE "local" }}
- --storage-local-rootdir={{ .Values.persistence.path }}
{{- end }}
{{- if .Values.extraArgs }}
{{ toYaml .Values.extraArgs | indent 8 }}
{{- end }}
ports:
- name: http
containerPort: 8080
livenessProbe:
httpGet:
path: {{ .Values.env.open.CONTEXT_PATH }}/health
port: http
{{ toYaml .Values.probes.liveness | indent 10 }}
readinessProbe:
httpGet:
path: {{ .Values.env.open.CONTEXT_PATH }}/health
port: http
{{ toYaml .Values.probes.readiness | indent 10 }}
volumeMounts:
{{- if eq .Values.env.open.STORAGE "local" }}
- mountPath: {{ .Values.persistence.path }}
name: storage-volume
{{- end }}
{{- if .Values.gcp.secret.enabled }}
- mountPath: /etc/secrets/google
name: {{ include "chartmuseum.fullname" . }}-gcp
{{- end }}
{{- if .Values.oracle.secret.enabled }}
- mountPath: /home/chartmuseum/.oci
name: {{ include "chartmuseum.fullname" . }}-oracle
{{- end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: public-key
mountPath: /var/keys
readOnly: true
{{- end }}
{{- with .Values.resources }}
resources:
{{ toYaml . | indent 10 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.deployment.schedulerName }}
schedulerName: {{ .Values.deployment.schedulerName }}
{{- end -}}
{{- if and .Values.serviceAccount.create .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- else if .Values.serviceAccount.create }}
serviceAccountName: {{ include "chartmuseum.fullname" . }}
{{- else if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
volumes:
- name: storage-volume
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{ if .Values.gcp.secret.enabled }}
- name: {{ include "chartmuseum.fullname" . }}-gcp
secret:
{{ if .Values.env.secret.GOOGLE_CREDENTIALS_JSON }}
secretName: {{ include "chartmuseum.fullname" . }}
items:
- key: GOOGLE_CREDENTIALS_JSON
path: credentials.json
{{ else }}
secretName: {{ .Values.gcp.secret.name }}
items:
- key: {{ .Values.gcp.secret.key }}
path: credentials.json
{{ end }}
{{ end }}
{{ if .Values.oracle.secret.enabled }}
- name: {{ include "chartmuseum.fullname" . }}-oracle
secret:
secretName: {{ .Values.oracle.secret.name }}
items:
- key: {{ .Values.oracle.secret.config }}
path: config
- key: {{ .Values.oracle.secret.key_file }}
path: oci.key
{{ end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: public-key
secret:
secretName: {{ .Values.bearerAuth.secret.publicKeySecret }}
{{- end }}