AlexRogalskiy/java-patterns

View on GitHub
charts/templates/deployment.yaml

Summary

Maintainability
Test Coverage
{{- if eq .Values.general.architecture "standalone" }}
{{- $fullName := include "backend-java-patterns.fullname" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "backend-java-patterns.labels" . | nindent 4 }}
  {{- if .Values.deployment.labels }}
  {{- with .Values.deployment.labels }}
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- end }}
  {{- if .Values.deployment.annotations }}
  {{- with .Values.deployment.annotations }}
  annotations:
    {{- toYaml . | indent 4 }}
  {{- end }}
  {{- end }}
spec:
  {{- if not .Values.hpa.enabled }}
  replicas: {{ .Values.general.replicas }}
  {{- end }}
  minReadySeconds: 5
  revisionHistoryLimit: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      {{- include "backend-java-patterns.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "backend-java-patterns.selectorLabels" . | nindent 8 }}
      {{- if or .Values.deployment.annotations (and .Values.metrics.enabled .Values.metrics.annotations) }}
      annotations:
      {{- if .Values.deployment.annotations }}
        {{- range $key, $value := .Values.deployment.annotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      {{- end }}
      {{- if .Values.metrics.enabled }}
        {{- range $key, $value := .Values.metrics.annotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      {{- end }}
      {{- end }}
    spec:
      restartPolicy: Always
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}
      {{- with .Values.deployment.container.image.pullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.serviceAccount.enabled }}
      serviceAccountName: {{ include "backend-java-patterns.serviceAccountName" . }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml .Values.topologySpreadConstraints | nindent 8 }}
      {{- end }}
      {{- if .Values.hostAliases }}
      hostAliases:
        {{- toYaml .Values.hostAliases | nindent 8 }}
      {{- end }}
      {{- if .Values.deployment.podSecurityContext }}
      securityContext:
        {{- toYaml .Values.deployment.podSecurityContext | nindent 8 }}
      {{- end }}
      initContainers:
        {{- if .Values.extraInitContainers }}
          {{ tpl .Values.extraInitContainers . | indent 6}}
        {{- end }}
        {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
        - name: volume-permissions
          image: {{ template "backend-java-patterns.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          command: ["chown", "-R", "{{ .Values.securityContext.config.runAsUser }}:{{ .Values.securityContext.config.fsGroup }}", "{{ .Values.persistence.mountPath }}"]
          securityContext:
            runAsUser: 0
          resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }}
          volumeMounts:
            - name: data
              mountPath: {{ .Values.persistence.mountPath }}
        {{- end }}
      containers:
        {{- if .Values.deployment.sidecars }}
          {{- toYaml .Values.deployment.sidecars | nindent 8 }}
        {{- end }}
        - name: {{ .Chart.Name }}
          image: "{{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.deployment.container.image.pullPolicy }}
          {{ if .Values.deployment.container.image.command -}}
          command: {{ .Values.image.deployment.command }}
          {{- end }}
          {{ if .Values.deployment.container.image.args -}}
          args: {{ .Values.image.deployment.args }}
          {{- end }}
          {{- if .Values.securityContext.enabled }}
          securityContext:
          {{- toYaml .Values.securityContext.config | nindent 12 }}
          {{- else if (or .Values.service.hostPort .Values.tls.hostPort) }}
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
          {{- end }}
          {{- if .Values.general.lifecycleHooks }}
          lifecycle:
          {{- toYaml .Values.general.lifecycleHooks | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.httpPort | default 8000 }}
              protocol: TCP
              {{- if .Values.service.hostPort }}
              hostPort: {{ .Values.service.hostPort }}
              {{- end }}
            {{- if .Values.tls.enabled }}
            - name: https
              containerPort: {{ .Values.tls.externalPort | default 8443 }}
              protocol: TCP
              {{- if .Values.tls.hostPort }}
              hostPort: {{ .Values.tls.hostPort }}
              {{- end }}
            {{- end }}
          envFrom:
          {{- if .Values.general.extraEnvVars }}
            - configMapRef:
                name: {{ .Values.general.extraEnvVars }}
          {{- end }}
          {{- if .Values.general.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.general.extraEnvVarsSecret }}
          {{- end }}
          env:
            {{- if .Values.general.debug}}
            - name: DEBUG
              value: {{ ternary "true" "false" .Values.general.debug | quote }}
            {{- end }}
            {{- if ne (.Values.deployment.container.port | int) (8000 | int) }}
            - name: PORT
              value: "{{ .Values.deployment.container.port }}"
            {{- end }}
            {{- if .Values.message }}
            - name: MESSAGE
              value: "{{ .Values.message }}"
            {{- end }}
            {{- if .Values.ingress.configured }}
            - name: HANDLER_PATH_PREFIX
              {{- if .Values.ingress.rewritePath }}
              value: ""
              {{- else }}
              value: "{{ .Values.ingress.pathPrefix }}"
              {{- end }}
            - name: RENDER_PATH_PREFIX
              value: "{{ .Values.ingress.pathPrefix }}"
            {{- end }}
           {{- if .Values.secrets.data.baseToken }}
            - name: BASE_TOKEN
              valueFrom:
                secretKeyRef:
                {{- if .Values.secrets.secretKeyRefName }}
                  name: {{ .Values.secretes.secretKeyRefName }}
                {{- else }}
                  name: {{ $fullName }}
                {{- end }}
                  key: base-token
            {{- end }}
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: KUBERNETES_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CONTAINER_IMAGE
              value: "{{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag | default .Chart.AppVersion }}"
            {{- if .Values.extraEnv }}
              {{- toYaml .Values.extraEnv | nindent 12 }}
            {{- end }}
          volumeMounts:
            {{- if .Values.configMaps.enabled }}
            - name: config
              mountPath: /etc/config/default.conf
              subPath: default.conf
            {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }}
            - name: custom-init-scripts
              mountPath: /docker-entrypoint-initdb.d
            {{- end }}
            {{- end }}
            - name: data
              mountPath: {{ .Values.persistence.mountPath }}
              subPath: {{ .Values.persistence.subPath }}
            {{- if .Values.tls.enabled }}
            - name: tls
              mountPath: {{ .Values.tls.certPath | default "/data/cert" }}
              {{- if .Values.tls.subPath }}
              subPath: {{ .Values.tls.subPath }}
              {{- end }}
              readOnly: true
            {{- end }}
          {{ if .Values.deployment.livenessProbe.enabled -}}
          livenessProbe:
            {{- toYaml .Values.deployment.livenessProbe.config | nindent 12 }}
          {{- end }}
          {{ if .Values.deployment.readinessProbe.enabled -}}
          readinessProbe:
            {{- toYaml .Values.deployment.readinessProbe.config | nindent 12 }}
          {{- end }}
          {{- if .Values.deployment.resources }}
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}
          {{- end }}
      {{- with .Values.deployment.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        {{- if .Values.configMaps.enabled }}
        - name: config
          configMap:
            name: {{ $fullName }}
        {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }}
        - name: custom-init-scripts
          configMap:
            name: {{ $fullName }}-init-scripts
        {{- end }}
        {{- end }}
        - name: data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ $fullName }}-local-volume
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- if .Values.tls.enabled }}
        - name: tls
          secret:
            secretName: {{ include "backend-java-patterns.tlsSecretName" . }}
            defaultMode: 0400
        {{- end }}
{{- end }}