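{{- /*
Deployment for the Penpot backend container.

Configuration reaches the container as environment variables. For the
database, S3, SMTP and OAuth/OIDC credentials the template emits a
secretKeyRef when the matching secretKeys entry is set in the values and
falls back to a literal value otherwise. A literal value is stored in the
Deployment spec and is readable by anyone allowed to read this object, so
the existingSecret path is the one to prefer for real credentials.
PENPOT_SECRET_KEY and PENPOT_LDAP_BIND_PASSWORD have no secretKeyRef branch
in this template and are always rendered as literals.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "penpot.fullname" . }}-backend
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.backend.replicaCount }}
  selector:
    matchLabels:
      {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- /* Pod-level securityContext is rendered only when enabled; otherwise none is set here. */}}
      {{- if .Values.backend.podSecurityContext.enabled }}
      securityContext:
        {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      {{- /*
      Default affinity: schedule next to pods carrying this release's instance
      label. It is skipped when backend.affinity is set, because that value is
      rendered further down under its own affinity key and emitting both would
      put a duplicate key in the pod spec.
      */}}
      {{- if not .Values.backend.affinity }}
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      {{- /* Quoted so an all-digit release name stays a string. */}}
                      - {{ .Release.Name | quote }}
              topologyKey: "kubernetes.io/hostname"
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-backend
          {{- /* Container securityContext is rendered only when enabled; otherwise none is set here. */}}
          {{- if .Values.backend.containerSecurityContext.enabled }}
          securityContext:
            {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /* NOTE(review): the image is referenced by repository and tag only; no digest is rendered. */}}
          image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
          imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
          volumeMounts:
            - mountPath: /opt/data
              name: app-data
              readOnly: false
          env:
            - name: PENPOT_PUBLIC_URI
              value: {{ .Values.config.publicURI | quote }}
            {{- /*
            NOTE(review): Kubernetes expands only the $(VAR) form inside env
            values, so the leading $PENPOT_FLAGS below is passed to the
            container as literal text. Confirm the backend tolerates it.
            */}}
            - name: PENPOT_FLAGS
              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
            {{- /* Always a literal value: this template has no secretKeyRef branch for the API secret key. */}}
            - name: PENPOT_SECRET_KEY
              value: {{ .Values.config.apiSecretKey | quote }}
            {{- /* The database URI carries host, port and database only; credentials follow as separate variables. */}}
            - name: PENPOT_DATABASE_URI
              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
            - name: PENPOT_DATABASE_USERNAME
              {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
              value: {{ .Values.config.postgresql.username | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
              {{- end }}
            {{- /* Literal password unless secretKeys.passwordKey is set; prefer the Secret reference. */}}
            - name: PENPOT_DATABASE_PASSWORD
              {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
              value: {{ .Values.config.postgresql.password | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
              {{- end }}
            {{- /* The Redis URI is built from host, port and database; no credentials are rendered into it. */}}
            - name: PENPOT_REDIS_URI
              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
            - name: PENPOT_ASSETS_STORAGE_BACKEND
              value: {{ .Values.config.assets.storageBackend | quote }}
            {{- /* Storage settings are emitted for the selected backend only: "assets-fs" or "assets-s3". */}}
            {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
              value: {{ .Values.config.assets.filesystem.directory | quote }}
            {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
            - name: PENPOT_STORAGE_ASSETS_S3_REGION
              value: {{ .Values.config.assets.s3.region | quote }}
            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
              value: {{ .Values.config.assets.s3.bucket | quote }}
            {{- /* S3 credentials: literal values unless the matching s3.secretKeys entry names a key in s3.existingSecret. */}}
            - name: AWS_ACCESS_KEY_ID
              {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              {{- end }}
            - name: AWS_SECRET_ACCESS_KEY
              {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
              {{- end }}
            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
              {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
              value: {{ .Values.config.assets.s3.endpointURI | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
              {{- end }}
            {{- end }}
            - name: PENPOT_TELEMETRY_ENABLED
              value: {{ .Values.config.telemetryEnabled | quote }}

            {{- /* SMTP: every variable in this group is emitted only when smtp.enabled is set. */}}
            {{- if .Values.config.smtp.enabled }}
            {{- if .Values.config.smtp.defaultFrom }}
            - name: PENPOT_SMTP_DEFAULT_FROM
              value: {{ .Values.config.smtp.defaultFrom | quote }}
            {{- end }}
            {{- if .Values.config.smtp.defaultReplyTo }}
            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
            {{- end }}
            {{- if .Values.config.smtp.host }}
            - name: PENPOT_SMTP_HOST
              value: {{ .Values.config.smtp.host | quote }}
            {{- end }}
            {{- if .Values.config.smtp.port }}
            - name: PENPOT_SMTP_PORT
              value: {{ .Values.config.smtp.port | quote }}
            {{- end }}
            {{- /* Username and password are always emitted once SMTP is enabled: literal unless the secretKeys entry is set. */}}
            {{- if not .Values.config.smtp.secretKeys.usernameKey }}
            - name: PENPOT_SMTP_USERNAME
              value: {{ .Values.config.smtp.username | quote }}
            {{- else }}
            - name: PENPOT_SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
            {{- end }}
            {{- if not .Values.config.smtp.secretKeys.passwordKey }}
            - name: PENPOT_SMTP_PASSWORD
              value: {{ .Values.config.smtp.password | quote }}
            {{- else }}
            - name: PENPOT_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
            {{- end }}
            {{- /*
            The TLS and SSL switches are emitted only when truthy: an explicit
            false in the values is not passed on, so the backend's own default
            applies in that case.
            */}}
            {{- if .Values.config.smtp.tls }}
            - name: PENPOT_SMTP_TLS
              value: {{ .Values.config.smtp.tls | quote }}
            {{- end }}
            {{- if .Values.config.smtp.ssl }}
            - name: PENPOT_SMTP_SSL
              value: {{ .Values.config.smtp.ssl | quote }}
            {{- end }}
            {{- end }}

            {{- /* Registration domain whitelist: emitted only when set in the values. */}}
            {{- if .Values.config.registrationDomainWhitelist }}
            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
              value: {{ .Values.config.registrationDomainWhitelist | quote }}
            {{- end }}

            {{- /*
            OAuth/OIDC providers share one Secret (providers.existingSecret).
            Each client id and client secret is a literal value unless its
            providers.secretKeys entry is set.
            */}}
            {{- if .Values.config.providers.google.enabled }}
            {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              value: {{ .Values.config.providers.google.clientID | quote }}
            {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.googleClientSecretKey }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              value: {{ .Values.config.providers.google.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.github.enabled }}
            {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
            - name: PENPOT_GITHUB_CLIENT_ID
              value: {{ .Values.config.providers.github.clientID | quote }}
            {{- else }}
            - name: PENPOT_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              value: {{ .Values.config.providers.github.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.gitlab.enabled }}
            {{- if .Values.config.providers.gitlab.baseURI }}
            - name: PENPOT_GITLAB_BASE_URI
              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
            - name: PENPOT_GITLAB_CLIENT_ID
              value: {{ .Values.config.providers.gitlab.clientID | quote }}
            {{- else }}
            - name: PENPOT_GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.oidc.enabled }}
            {{- if .Values.config.providers.oidc.baseURI }}
            - name: PENPOT_OIDC_BASE_URI
              value: {{ .Values.config.providers.oidc.baseURI | quote }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
            - name: PENPOT_OIDC_CLIENT_ID
              value: {{ .Values.config.providers.oidc.clientID | quote }}
            {{- else }}
            - name: PENPOT_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
            {{- end }}
            {{- /* The remaining OIDC settings are optional and emitted only when set. */}}
            {{- if .Values.config.providers.oidc.authURI }}
            - name: PENPOT_OIDC_AUTH_URI
              value: {{ .Values.config.providers.oidc.authURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.tokenURI }}
            - name: PENPOT_OIDC_TOKEN_URI
              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.userURI }}
            - name: PENPOT_OIDC_USER_URI
              value: {{ .Values.config.providers.oidc.userURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.roles }}
            - name: PENPOT_OIDC_ROLES
              value: {{ .Values.config.providers.oidc.roles | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.rolesAttribute }}
            - name: PENPOT_OIDC_ROLES_ATTR
              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.scopes }}
            - name: PENPOT_OIDC_SCOPES
              value: {{ .Values.config.providers.oidc.scopes | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.nameAttribute }}
            - name: PENPOT_OIDC_NAME_ATTR
              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.emailAttribute }}
            - name: PENPOT_OIDC_EMAIL_ATTR
              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
            {{- end }}
            {{- end }}

            {{- /* LDAP: each setting is emitted only when truthy, so an explicit false for ssl or startTLS is not passed on. */}}
            {{- if .Values.config.providers.ldap.enabled }}
            {{- if .Values.config.providers.ldap.host }}
            - name: PENPOT_LDAP_HOST
              value: {{ .Values.config.providers.ldap.host | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.port }}
            - name: PENPOT_LDAP_PORT
              value: {{ .Values.config.providers.ldap.port | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.ssl }}
            - name: PENPOT_LDAP_SSL
              value: {{ .Values.config.providers.ldap.ssl | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.startTLS }}
            - name: PENPOT_LDAP_STARTTLS
              value: {{ .Values.config.providers.ldap.startTLS | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.baseDN }}
            - name: PENPOT_LDAP_BASE_DN
              value: {{ .Values.config.providers.ldap.baseDN | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.bindDN }}
            - name: PENPOT_LDAP_BIND_DN
              value: {{ .Values.config.providers.ldap.bindDN | quote }}
            {{- end }}
            {{- /* Always a literal value: unlike the other credentials, the bind password has no secretKeyRef branch here. */}}
            {{- if .Values.config.providers.ldap.bindPassword }}
            - name: PENPOT_LDAP_BIND_PASSWORD
              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesUsername }}
            - name: PENPOT_LDAP_ATTRS_USERNAME
              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesEmail }}
            - name: PENPOT_LDAP_ATTRS_EMAIL
              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesFullname }}
            - name: PENPOT_LDAP_ATTRS_FULLNAME
              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesPhoto }}
            - name: PENPOT_LDAP_ATTRS_PHOTO
              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
            {{- end }}
            {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.backend.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.backend.resources | nindent 12 }}
      {{- with .Values.backend.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- /* A user-supplied affinity replaces the default podAffinity rendered above. */}}
      {{- with .Values.backend.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.backend.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        {{- /* Without persistence the data volume is an emptyDir, so /opt/data does not outlive the pod. */}}
        - name: app-data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
        {{- else }}
          emptyDir: {}
        {{- end }}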
375 {{- end }}