{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
5
{{- /*
Deployment manifest header. The API version, name, namespace and labels are
produced by the "common.*" named templates rather than written literally.
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- /*
  commonAnnotations goes through common.tplvalues.render instead of toYaml.
  NOTE(review): that helper presumably evaluates template expressions found in
  the value, so the values file is effectively template source -- confirm in the
  common chart.
  */}}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
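{{- /*
Deployment spec: replica/rollout settings, the pod template (metadata, pod-level
security and scheduling fields), optional init containers, the optional git
syncer, the nginx container, the optional metrics exporter, and the volumes.
*/}}
spec:
  {{- /* replicas is omitted when autoscaling is enabled, presumably so an autoscaler owns the count. */}}
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.updateStrategy }}
  strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
  {{- end }}
  {{- /* podLabels and commonLabels are merged once and reused for the selector, pod labels and affinity presets. */}}
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
  template:
    metadata:
      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
      annotations:
        {{- if .Values.podAnnotations }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
        {{- /*
        Each checksum is the SHA-256 of the rendered chart-managed ConfigMap
        template. A change in that config changes the pod template, so the
        Deployment rolls and pods do not keep serving a stale server block.
        */}}
        {{- if and .Values.serverBlock (not .Values.existingServerBlockConfigmap) }}
        checksum/server-block-configuration: {{ include (print $.Template.BasePath "/server-block-configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- /*
        Gated on existingStreamServerBlockConfigmap, the key the stream volume,
        volumeMount and NGINX_ENABLE_STREAM already test. The previous condition
        checked existingServerBlockConfigmap, so supplying an external HTTP
        server-block ConfigMap silently dropped the stream checksum.
        */}}
        {{- if and .Values.streamServerBlock (not .Values.existingStreamServerBlockConfigmap) }}
        checksum/stream-server-block-configuration: {{ include (print $.Template.BasePath "/stream-server-block-configmap.yaml") . | sha256sum }}
        {{- end }}
    spec:
      {{- include "nginx.imagePullSecrets" . | nindent 6 }}
      {{- /*
      Isolation-relevant switches taken directly from values. shareProcessNamespace
      makes every container's processes visible to the others in the pod.
      hostNetwork and hostIPC (further down) place the pod in the node's network
      and IPC namespaces. Keep all three false unless a deployment needs them.
      */}}
      shareProcessNamespace: {{ .Values.sidecarSingleProcessNamespace }}
      serviceAccountName: {{ template "nginx.serviceAccountName" . }}
      {{- /* A web server typically needs no Kubernetes API credentials, so false is the safer value here. */}}
      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /* An explicit affinity value wins; otherwise the three presets are expanded by the common.affinities.* helpers. */}}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      hostNetwork: {{ .Values.hostNetwork }}
      {{- if .Values.dnsPolicy }}
      dnsPolicy: {{ .Values.dnsPolicy }}
      {{- end }}
      {{- if .Values.dnsConfig }}
      dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" $) | nindent 8 }}
      {{- end }}
      hostIPC: {{ .Values.hostIPC }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName | quote }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
      {{- end }}
      {{- /* Emitted only when podSecurityContext.enabled is true; otherwise this template sets no pod-level securityContext. */}}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}
      {{- /*
      initContainers is rendered when the user supplies their own, or when the
      default ones are enabled and one of them applies (read-only root filesystem
      or git clone).
      */}}
      {{- if or .Values.initContainers (and .Values.enableDefaultInitContainers (or .Values.containerSecurityContext.readOnlyRootFilesystem .Values.cloneStaticSiteFromGit.enabled)) }}
      initContainers:
        {{- if .Values.enableDefaultInitContainers }}
        {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
        {{- /*
        With a read-only root filesystem the nginx container mounts an emptyDir
        over its logs directory. This init container first copies the image's
        logs directory (which holds the stdout/stderr symlinks) into that emptyDir.
        */}}
        - name: preserve-logs-symlinks
          image: {{ include "nginx.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- else if ne .Values.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
          {{- end }}
          command:
            - /bin/bash
          args:
            - -ec
            - |
              #!/bin/bash
              . /opt/bitnami/scripts/libfs.sh
              # We copy the logs folder because it has symlinks to stdout and stderr
              if ! is_dir_empty /opt/bitnami/nginx/logs; then
                cp -r /opt/bitnami/nginx/logs /emptydir/app-logs-dir
              fi
          volumeMounts:
            - name: empty-dir
              mountPath: /emptydir
        {{- end }}
        {{- if .Values.cloneStaticSiteFromGit.enabled }}
        {{- /* One-shot clone of the static site into the shared "staticsite" volume; it reuses the nginx containerSecurityContext. */}}
        - name: git-clone-repository
          image: {{ include "nginx.cloneStaticSiteFromGit.image" . }}
          imagePullPolicy: {{ .Values.cloneStaticSiteFromGit.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.gitClone.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitClone.command "context" $) | nindent 12 }}
          {{- else }}
          {{- /*
          NOTE(review): repository and branch are substituted into the bash script
          unquoted and with no "--" separator, so their text becomes part of the
          command line. Treat both as trusted operator input. If they can come
          from a tenant or a pipeline parameter, validate them before rendering,
          or pass them as environment variables and quote the expansions.
          */}}
          command:
            - /bin/bash
            - -ec
            - |
              [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh"
              git clone {{ .Values.cloneStaticSiteFromGit.repository }} --branch {{ .Values.cloneStaticSiteFromGit.branch }} /tmp/app
              [[ "$?" -eq 0 ]] && shopt -s dotglob && rm -rf /app/* && mv /tmp/app/* /app/
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.gitClone.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitClone.args "context" $) | nindent 12 }}
          {{- end }}
          {{- /* Resources are read from the gitSync values; no gitClone-specific resources key is consulted here. */}}
          {{- if .Values.cloneStaticSiteFromGit.gitSync.resources }}
          resources: {{- toYaml .Values.cloneStaticSiteFromGit.gitSync.resources | nindent 12 }}
          {{- else if ne .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset) | nindent 12 }}
          {{- end }}
          {{- /* /tmp, /etc/ssh and /.ssh are emptyDir subPaths, which gives the container writable locations for them. */}}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /etc/ssh
              subPath: etc-ssh-dir
            - name: empty-dir
              mountPath: /.ssh
              subPath: ssh-dir
            - name: staticsite
              mountPath: /app
            {{- if .Values.cloneStaticSiteFromGit.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.extraEnvVars }}
          env: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVars "context" $) | nindent 12 }}
          {{- end }}
          {{- /* envFrom exposes every key of the named Secret as an environment variable; keep that Secret limited to what git needs. */}}
          {{- if .Values.cloneStaticSiteFromGit.extraEnvVarsSecret }}
          envFrom:
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVarsSecret "context" $) }}
          {{- end }}
        {{- end }}
        {{- end }}
        {{- /* User-supplied init containers are emitted as given; none of the securityContext settings above are applied to them. */}}
        {{- if .Values.initContainers }}
        {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
        {{- end }}
      {{- end }}
      containers:
        {{- if .Values.cloneStaticSiteFromGit.enabled }}
        {{- /* Long-running sidecar that pulls the configured branch into /app on a fixed interval. */}}
        - name: git-repo-syncer
          image: {{ include "nginx.cloneStaticSiteFromGit.image" . }}
          imagePullPolicy: {{ .Values.cloneStaticSiteFromGit.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.gitSync.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitSync.command "context" $) | nindent 12 }}
          {{- else }}
          {{- /*
          NOTE(review): branch and interval are substituted into the script
          unquoted, as in the clone init container, so the same trusted-input
          assumption applies. Content pulled here is served by nginx from /app,
          so write access to the repository is write access to the site.
          */}}
          command:
            - /bin/bash
            - -ec
            - |
              [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh"
              while true; do
                  cd /app && git -c safe.directory=/app pull origin {{ .Values.cloneStaticSiteFromGit.branch }}
                  sleep {{ .Values.cloneStaticSiteFromGit.interval }}
              done
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.gitSync.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitSync.args "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.gitSync.resources }}
          resources: {{- toYaml .Values.cloneStaticSiteFromGit.gitSync.resources | nindent 12 }}
          {{- else if ne .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /etc/ssh
              subPath: etc-ssh-dir
            - name: empty-dir
              mountPath: /.ssh
              subPath: ssh-dir
            - name: staticsite
              mountPath: /app
            {{- if .Values.cloneStaticSiteFromGit.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.extraEnvVars }}
          env: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVars "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.cloneStaticSiteFromGit.extraEnvVarsSecret }}
          envFrom:
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVarsSecret "context" $) }}
          {{- end }}
        {{- end }}
        - name: nginx
          image: {{ include "nginx.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- /* Emitted only when containerSecurityContext.enabled is true; the git containers above reuse the same values. */}}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- /* diagnosticMode replaces command and args and, further down, suppresses all three probes; it is meant for debugging, not serving. */}}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" .Values.image.debug | quote }}
            {{- if .Values.containerPorts.http }}
            - name: NGINX_HTTP_PORT_NUMBER
              value: {{ .Values.containerPorts.http | quote }}
            {{- end }}
            {{- if .Values.containerPorts.https }}
            - name: NGINX_HTTPS_PORT_NUMBER
              value: {{ .Values.containerPorts.https | quote }}
            {{- end }}
            {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
            - name: NGINX_ENABLE_STREAM
              value: "true"
            {{- end }}
            {{- if .Values.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- /* Every key of the referenced ConfigMap and Secret becomes an environment variable of the nginx process. */}}
          envFrom:
            {{- if .Values.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
            {{- end }}
          ports:
            {{- if .Values.containerPorts.http }}
            - name: http
              containerPort: {{ .Values.containerPorts.http }}
            {{- end }}
            {{- if .Values.containerPorts.https }}
            - name: https
              containerPort: {{ .Values.containerPorts.https }}
            {{- end }}
            {{- if .Values.extraContainerPorts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
            {{- end }}
          {{- /*
          Probes: a custom probe replaces the built-in one. The built-in probes
          target the named port "https" only when no http port is configured and
          an https port is; otherwise they target "http".
          */}}
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
          {{- else if .Values.livenessProbe.enabled }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
            tcpSocket:
              port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
          {{- end }}
          {{- if .Values.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
          {{- else if .Values.readinessProbe.enabled }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "path") "context" $) | nindent 12 }}
            httpGet:
              path: {{ .Values.readinessProbe.path }}
              port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
          {{- end }}
          {{- if .Values.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
          {{- else if .Values.startupProbe.enabled }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
            tcpSocket:
              port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
          {{- end }}
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- else if ne .Values.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
          {{- end }}
          {{- /* The conf, logs and tmp directories are emptyDir subPaths, which is what makes a read-only root filesystem workable. */}}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /opt/bitnami/nginx/conf
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /opt/bitnami/nginx/logs
              subPath: app-logs-dir
            - name: empty-dir
              mountPath: /opt/bitnami/nginx/tmp
              subPath: app-tmp-dir
            {{- if or .Values.serverBlock .Values.existingServerBlockConfigmap }}
            - name: nginx-server-block
              mountPath: /opt/bitnami/nginx/conf/server_blocks
            {{- end }}
            {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
            - name: nginx-stream-server-block
              mountPath: /opt/bitnami/nginx/conf/stream_server_blocks
            {{- end }}
            {{- if (include "nginx.useStaticSite" .) }}
            - name: staticsite
              mountPath: /app
            {{- end }}
            {{- /* /certs is the TLS Secret when tls.enabled is true, and a plain emptyDir subPath otherwise. */}}
            {{- if .Values.tls.enabled }}
            - name: certificate
              mountPath: /certs
            {{- else }}
            - name: empty-dir
              mountPath: /certs
              subPath: app-tls-dir
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- if .Values.metrics.enabled }}
        {{- /*
        Exporter sidecar. It scrapes nginx over loopback and listens on every pod
        interface (":<port>"), so access to the metrics port has to be limited
        outside this manifest (Service exposure, NetworkPolicy). It has its own
        securityContext values, separate from containerSecurityContext.
        */}}
        - name: metrics
          image: {{ include "nginx.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.metrics.securityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.securityContext "context" $) | nindent 12 }}
          {{- end }}
          command:
            - exporter
          args:
            - --nginx.scrape-uri
            - {{ printf "http://127.0.0.1:%d/status" (int (default .Values.containerPorts.http .Values.metrics.port)) | quote }}
            - --web.listen-address
            - {{ printf ":%d" (int .Values.metrics.containerPorts.metrics) | quote }}
            {{- if .Values.metrics.extraArgs }}
            {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraArgs "context" $ ) | nindent 12 }}
            {{- end }}
          ports:
            - name: metrics
              containerPort: {{ .Values.metrics.containerPorts.metrics }}
          livenessProbe:
            httpGet:
              path: /metrics
              port: metrics
            initialDelaySeconds: 15
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /metrics
              port: metrics
            initialDelaySeconds: 5
            timeoutSeconds: 1
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- else if ne .Values.metrics.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- /* User-supplied sidecars are emitted as given and share the pod's volumes, network and, if enabled, process namespace. */}}
        {{- if .Values.sidecars }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        - name: empty-dir
          emptyDir: {}
        {{- if .Values.tls.enabled }}
        {{- /*
        An existing Secret is mounted whole, so every key in it appears under
        /certs. The chart-generated "<fullname>-tls" Secret is restricted to
        tls.crt and tls.key. Keep an existing Secret limited to those entries.
        */}}
        - name: certificate
          secret:
            {{- if .Values.tls.existingSecret }}
            secretName: {{ .Values.tls.existingSecret }}
            {{- else }}
            secretName: {{ printf "%s-tls" (include "common.names.fullname" .) }}
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
            {{- end }}
        {{- end }}
        {{- if or .Values.serverBlock .Values.existingServerBlockConfigmap }}
        - name: nginx-server-block
          configMap:
            name: {{ include "nginx.serverBlockConfigmapName" . }}
        {{- end }}
        {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
        - name: nginx-stream-server-block
          configMap:
            name: {{ include "nginx.streamServerBlockConfigmapName" . }}
        {{- end }}
        {{- if (include "nginx.useStaticSite" .) }}
        - name: staticsite
          {{- include "nginx.staticSiteVolume" . | nindent 10 }}
        {{- end }}
        {{- /* extraVolumes is emitted as given; hostPath or Secret volumes added here widen what the pod can read. */}}
        {{- if .Values.extraVolumes }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
        {{- end }}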