helm/korifi/api/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: korifi-api
name: korifi-api-deployment
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.api.replicas | default 1}}
selector:
matchLabels:
app: korifi-api
template:
metadata:
labels:
app: korifi-api
annotations:
checksum/config: {{ tpl ($.Files.Get "api/configmap.yaml") $ | sha256sum }}
spec:
containers:
- env:
- name: APICONFIG
value: /etc/korifi-api-config
- name: TLSCONFIG
value: /etc/korifi-tls-config
image: {{ .Values.api.image }}
{{- if .Values.debug }}
command:
- "/dlv"
args:
- "--listen=:40000"
- "--headless=true"
- "--api-version=2"
- "exec"
- "/cfapi"
- "--continue"
- "--accept-multiclient"
{{- end }}
name: korifi-api
ports:
- containerPort: {{ .Values.api.apiServer.internalPort }}
name: web
{{- include "korifi.resources" . | indent 8 }}
{{- include "korifi.securityContext" . | indent 8 }}
volumeMounts:
- mountPath: /etc/korifi-api-config
name: korifi-api-config
readOnly: true
- mountPath: /etc/korifi-tls-config
name: korifi-tls-config
readOnly: true
{{- if .Values.containerRegistryCACertSecret }}
- mountPath: /etc/ssl/certs/registry-ca.crt
name: korifi-registry-ca-cert
subPath: ca.crt
readOnly: true
{{- end }}
{{- include "korifi.podSecurityContext" . | indent 6 }}
serviceAccountName: korifi-api-system-serviceaccount
{{- if .Values.api.nodeSelector }}
nodeSelector:
{{ toYaml .Values.api.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.api.tolerations }}
tolerations:
{{- toYaml .Values.api.tolerations | nindent 8 }}
{{- end }}
volumes:
- configMap:
name: korifi-api-config
name: korifi-api-config
- name: korifi-tls-config
secret:
secretName: korifi-api-ingress-cert
{{- if .Values.containerRegistryCACertSecret }}
- name: korifi-registry-ca-cert
secret:
secretName: {{ .Values.containerRegistryCACertSecret }}
{{- end }}