charts/dodo-app/templates/install.yaml - pcloud - Gitiles

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ .Values.clusterRoleName }}
 rules:
 - apiGroups:
   - ""
   resources:
   - namespaces
   verbs:
   - create
 - apiGroups:
   - "batch"
   resources:
   - jobs
   verbs:
   - create
 - apiGroups:
   - "helm.toolkit.fluxcd.io"
   resources:
   - helmreleases
   verbs:
   - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ .Values.clusterRoleName }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: {{ .Values.clusterRoleName }}
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: ssh-key
 type: Opaque
 data:
   private: {{ .Values.sshPrivateKey }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: api
 spec:
   type: ClusterIP
   selector:
     app: dodo-app
   ports:
   - name: http
     port: 80
     targetPort: api
     protocol: TCP
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: web
 spec:
   type: ClusterIP
   selector:
     app: dodo-app
   ports:
   - name: http
     port: 80
     targetPort: http
     protocol: TCP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: dodo-app
 spec:
   selector:
     matchLabels:
       app: dodo-app
   replicas: 1
   template:
     metadata:
       labels:
         app: dodo-app
     spec:
       volumes:
       - name: ssh-key
         secret:
           secretName: ssh-key
       - name: env-config
         secret:
           secretName: env-config
       - name: db
         persistentVolumeClaim:
           claimName: {{ .Values.persistentVolumeClaimName }}
       initContainers:
       - name: volume-permissions
         image: busybox:latest
         command: ["sh", "-c", "chmod -Rv 777 /dodo-app/db"]
         volumeMounts:
         - name: db
           mountPath: /dodo-app/db
       containers:
       - name: dodo-app
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - name: http
           containerPort: {{ .Values.port }}
           protocol: TCP
         - name: api
           containerPort: {{ .Values.apiPort }}
           protocol: TCP
         command:
         - pcloud-installer
         - dodo-app
         - --repo-addr={{ .Values.repoAddr }}
         - --ssh-key=/pcloud/ssh-key/private
         - --port={{ .Values.port }}
         - --api-port={{ .Values.apiPort }}
         - --self={{ .Values.self }}
         - --namespace={{ .Values.namespace }} # TODO(gio): maybe use .Release.Namespace ?
         - --env-app-manager-addr={{ .Values.envAppManagerAddr }}
         - --env-config=/pcloud/env-config/config.json
         - --app-admin-key={{ .Values.appAdminKey }}
         - --git-repo-public-key={{ .Values.gitRepoPublicKey }}
         - --db=/dodo-app/db/apps.db
         volumeMounts:
         - name: ssh-key
           readOnly: true
           mountPath: /pcloud/ssh-key
         - name: env-config
           readOnly: true
           mountPath: /pcloud/env-config
         - name: db
           mountPath: /dodo-app/db
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: env-config
 type: Opaque
 data:
   config.json: {{ .Values.envConfig }}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: {{ .Values.clusterRoleName }}
	rules:
	- apiGroups:
	- ""
	resources:
	- namespaces
	verbs:
	- create
	- apiGroups:
	- "batch"
	resources:
	- jobs
	verbs:
	- create
	- apiGroups:
	- "helm.toolkit.fluxcd.io"
	resources:
	- helmreleases
	verbs:
	- get
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: {{ .Values.clusterRoleName }}
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: {{ .Values.clusterRoleName }}
	subjects:
	- kind: ServiceAccount
	name: default
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: ssh-key
	type: Opaque
	data:
	private: {{ .Values.sshPrivateKey }}
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: api
	spec:
	type: ClusterIP
	selector:
	app: dodo-app
	ports:
	- name: http
	port: 80
	targetPort: api
	protocol: TCP
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: web
	spec:
	type: ClusterIP
	selector:
	app: dodo-app
	ports:
	- name: http
	port: 80
	targetPort: http
	protocol: TCP
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: dodo-app
	spec:
	selector:
	matchLabels:
	app: dodo-app
	replicas: 1
	template:
	metadata:
	labels:
	app: dodo-app
	spec:
	volumes:
	- name: ssh-key
	secret:
	secretName: ssh-key
	- name: env-config
	secret:
	secretName: env-config
	- name: db
	persistentVolumeClaim:
	claimName: {{ .Values.persistentVolumeClaimName }}
	initContainers:
	- name: volume-permissions
	image: busybox:latest
	command: ["sh", "-c", "chmod -Rv 777 /dodo-app/db"]
	volumeMounts:
	- name: db
	mountPath: /dodo-app/db
	containers:
	- name: dodo-app
	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
	imagePullPolicy: {{ .Values.image.pullPolicy }}
	ports:
	- name: http
	containerPort: {{ .Values.port }}
	protocol: TCP
	- name: api
	containerPort: {{ .Values.apiPort }}
	protocol: TCP
	command:
	- pcloud-installer
	- dodo-app
	- --repo-addr={{ .Values.repoAddr }}
	- --ssh-key=/pcloud/ssh-key/private
	- --port={{ .Values.port }}
	- --api-port={{ .Values.apiPort }}
	- --self={{ .Values.self }}
	- --namespace={{ .Values.namespace }} # TODO(gio): maybe use .Release.Namespace ?
	- --env-app-manager-addr={{ .Values.envAppManagerAddr }}
	- --env-config=/pcloud/env-config/config.json
	- --app-admin-key={{ .Values.appAdminKey }}
	- --git-repo-public-key={{ .Values.gitRepoPublicKey }}
	- --db=/dodo-app/db/apps.db
	volumeMounts:
	- name: ssh-key
	readOnly: true
	mountPath: /pcloud/ssh-key
	- name: env-config
	readOnly: true
	mountPath: /pcloud/env-config
	- name: db
	mountPath: /dodo-app/db
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: env-config
	type: Opaque
	data:
	config.json: {{ .Values.envConfig }}