charts/templates/deployment.yaml
{{- if eq .Values.general.architecture "standalone" }}
{{- $fullName := include "backend-java-patterns.fullname" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "backend-java-patterns.labels" . | nindent 4 }}
{{- if .Values.deployment.labels }}
{{- with .Values.deployment.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.annotations }}
{{- with .Values.deployment.annotations }}
annotations:
{{- toYaml . | indent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.hpa.enabled }}
replicas: {{ .Values.general.replicas }}
{{- end }}
minReadySeconds: 5
revisionHistoryLimit: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
{{- include "backend-java-patterns.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "backend-java-patterns.selectorLabels" . | nindent 8 }}
{{- if or .Values.deployment.annotations (and .Values.metrics.enabled .Values.metrics.annotations) }}
annotations:
{{- if .Values.deployment.annotations }}
{{- range $key, $value := .Values.deployment.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
{{- range $key, $value := .Values.metrics.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
spec:
restartPolicy: Always
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- with .Values.deployment.container.image.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ include "backend-java-patterns.serviceAccountName" . }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml .Values.topologySpreadConstraints | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{- toYaml .Values.hostAliases | nindent 8 }}
{{- end }}
{{- if .Values.deployment.podSecurityContext }}
securityContext:
{{- toYaml .Values.deployment.podSecurityContext | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{ tpl .Values.extraInitContainers . | indent 6}}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ template "backend-java-patterns.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command: ["chown", "-R", "{{ .Values.securityContext.config.runAsUser }}:{{ .Values.securityContext.config.fsGroup }}", "{{ .Values.persistence.mountPath }}"]
securityContext:
runAsUser: 0
resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- end }}
containers:
{{- if .Values.deployment.sidecars }}
{{- toYaml .Values.deployment.sidecars | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.deployment.container.image.pullPolicy }}
{{ if .Values.deployment.container.image.command -}}
command: {{ .Values.image.deployment.command }}
{{- end }}
{{ if .Values.deployment.container.image.args -}}
args: {{ .Values.image.deployment.args }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- toYaml .Values.securityContext.config | nindent 12 }}
{{- else if (or .Values.service.hostPort .Values.tls.hostPort) }}
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
{{- if .Values.general.lifecycleHooks }}
lifecycle:
{{- toYaml .Values.general.lifecycleHooks | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.httpPort | default 8000 }}
protocol: TCP
{{- if .Values.service.hostPort }}
hostPort: {{ .Values.service.hostPort }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: https
containerPort: {{ .Values.tls.externalPort | default 8443 }}
protocol: TCP
{{- if .Values.tls.hostPort }}
hostPort: {{ .Values.tls.hostPort }}
{{- end }}
{{- end }}
envFrom:
{{- if .Values.general.extraEnvVars }}
- configMapRef:
name: {{ .Values.general.extraEnvVars }}
{{- end }}
{{- if .Values.general.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.general.extraEnvVarsSecret }}
{{- end }}
env:
{{- if .Values.general.debug}}
- name: DEBUG
value: {{ ternary "true" "false" .Values.general.debug | quote }}
{{- end }}
{{- if ne (.Values.deployment.container.port | int) (8000 | int) }}
- name: PORT
value: "{{ .Values.deployment.container.port }}"
{{- end }}
{{- if .Values.message }}
- name: MESSAGE
value: "{{ .Values.message }}"
{{- end }}
{{- if .Values.ingress.configured }}
- name: HANDLER_PATH_PREFIX
{{- if .Values.ingress.rewritePath }}
value: ""
{{- else }}
value: "{{ .Values.ingress.pathPrefix }}"
{{- end }}
- name: RENDER_PATH_PREFIX
value: "{{ .Values.ingress.pathPrefix }}"
{{- end }}
{{- if .Values.secrets.data.baseToken }}
- name: BASE_TOKEN
valueFrom:
secretKeyRef:
{{- if .Values.secrets.secretKeyRefName }}
name: {{ .Values.secretes.secretKeyRefName }}
{{- else }}
name: {{ $fullName }}
{{- end }}
key: base-token
{{- end }}
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBERNETES_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CONTAINER_IMAGE
value: "{{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag | default .Chart.AppVersion }}"
{{- if .Values.extraEnv }}
{{- toYaml .Values.extraEnv | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.configMaps.enabled }}
- name: config
mountPath: /etc/config/default.conf
subPath: default.conf
{{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
{{- end }}
{{- end }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- if .Values.tls.enabled }}
- name: tls
mountPath: {{ .Values.tls.certPath | default "/data/cert" }}
{{- if .Values.tls.subPath }}
subPath: {{ .Values.tls.subPath }}
{{- end }}
readOnly: true
{{- end }}
{{ if .Values.deployment.livenessProbe.enabled -}}
livenessProbe:
{{- toYaml .Values.deployment.livenessProbe.config | nindent 12 }}
{{- end }}
{{ if .Values.deployment.readinessProbe.enabled -}}
readinessProbe:
{{- toYaml .Values.deployment.readinessProbe.config | nindent 12 }}
{{- end }}
{{- if .Values.deployment.resources }}
resources:
{{- toYaml .Values.deployment.resources | nindent 12 }}
{{- end }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.configMaps.enabled }}
- name: config
configMap:
name: {{ $fullName }}
{{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }}
- name: custom-init-scripts
configMap:
name: {{ $fullName }}-init-scripts
{{- end }}
{{- end }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ $fullName }}-local-volume
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.tls.enabled }}
- name: tls
secret:
secretName: {{ include "backend-java-patterns.tlsSecretName" . }}
defaultMode: 0400
{{- end }}
{{- end }}