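# Helm template for the Penpot frontend Deployment.
#
# Most settings come from the chart values. Credentials are rendered inline
# when the matching secretKeys entry is empty, and otherwise read from an
# existing Secret through secretKeyRef.
#
# NOTE(review): neither the pod nor the container sets a securityContext, so
# the workload runs with the image's default user and privileges. Confirm
# what the image needs before tightening this.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "penpot.fullname" . }}-frontend
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.frontend.replicaCount }}
  selector:
    matchLabels:
      {{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      # Exactly one affinity key is rendered. A mapping may not hold the same
      # key twice, and parsers that tolerate a duplicate keep only the last
      # one, so frontend.affinity from the values replaces the default rule.
      affinity:
        {{- if .Values.frontend.affinity }}
        {{- toYaml .Values.frontend.affinity | nindent 8 }}
        {{- else }}
        # Default: schedule only onto a node that already runs a pod of this
        # release (presumably so the app-data volume can be shared; confirm).
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      # Quoted so a release name such as "true" or "123"
                      # stays a string.
                      - {{ .Release.Name | quote }}
              topologyKey: "kubernetes.io/hostname"
        {{- end }}
      containers:
        - name: {{ .Chart.Name }}-frontend
          image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
          imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }}
          # NOTE(review): this container is handed the database, SMTP,
          # object-storage and identity-provider credentials. The nginx.conf
          # mount below suggests it is a web front end; confirm it reads
          # them, and drop the ones it does not need so a compromised
          # frontend exposes less.
          env:
            - name: PENPOT_PUBLIC_URI
              value: {{ .Values.config.publicURI | quote }}
            # Kubernetes expands only the $(VAR) form, so $PENPOT_FLAGS
            # reaches the container as literal text.
            # NOTE(review): presumably the image entrypoint expands it;
            # confirm.
            - name: PENPOT_FLAGS
              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
            # NOTE(review): rendered inline from the values with no
            # secretKeyRef branch, so the key is readable in the Deployment
            # manifest and in the stored Helm release.
            - name: PENPOT_SECRET_KEY
              value: {{ .Values.config.apiSecretKey | quote }}
            - name: PENPOT_DATABASE_URI
              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
            # When a secretKeys entry is set, existingSecret must be set too;
            # otherwise the secretKeyRef name renders empty.
            - name: PENPOT_DATABASE_USERNAME
              {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
              value: {{ .Values.config.postgresql.username | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
              {{- end }}
            - name: PENPOT_DATABASE_PASSWORD
              {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
              value: {{ .Values.config.postgresql.password | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
              {{- end }}
            - name: PENPOT_REDIS_URI
              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
            - name: PENPOT_ASSETS_STORAGE_BACKEND
              value: {{ .Values.config.assets.storageBackend | quote }}
            {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
              value: {{ .Values.config.assets.filesystem.directory | quote }}
            {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
            - name: PENPOT_STORAGE_ASSETS_S3_REGION
              value: {{ .Values.config.assets.s3.region | quote }}
            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
              value: {{ .Values.config.assets.s3.bucket | quote }}
            - name: AWS_ACCESS_KEY_ID
              {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              {{- end }}
            - name: AWS_SECRET_ACCESS_KEY
              {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
              {{- end }}
            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
              {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
              value: {{ .Values.config.assets.s3.endpointURI | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
              {{- end }}
            {{- end }}
            - name: PENPOT_TELEMETRY_ENABLED
              value: {{ .Values.config.telemetryEnabled | quote }}

            {{- if .Values.config.smtp.enabled }}
            {{- if .Values.config.smtp.defaultFrom }}
            - name: PENPOT_SMTP_DEFAULT_FROM
              value: {{ .Values.config.smtp.defaultFrom | quote }}
            {{- end }}
            {{- if .Values.config.smtp.defaultReplyTo }}
            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
            {{- end }}
            {{- if .Values.config.smtp.host }}
            - name: PENPOT_SMTP_HOST
              value: {{ .Values.config.smtp.host | quote }}
            {{- end }}
            {{- if .Values.config.smtp.port }}
            - name: PENPOT_SMTP_PORT
              value: {{ .Values.config.smtp.port | quote }}
            {{- end }}
            {{- if not .Values.config.smtp.secretKeys.usernameKey }}
            - name: PENPOT_SMTP_USERNAME
              value: {{ .Values.config.smtp.username | quote }}
            {{- else }}
            - name: PENPOT_SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
            {{- end }}
            {{- if not .Values.config.smtp.secretKeys.passwordKey }}
            - name: PENPOT_SMTP_PASSWORD
              value: {{ .Values.config.smtp.password | quote }}
            {{- else }}
            - name: PENPOT_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
            {{- end }}
            # The TLS and SSL variables are emitted only when the value is
            # truthy; a false setting leaves the variable unset.
            {{- if .Values.config.smtp.tls }}
            - name: PENPOT_SMTP_TLS
              value: {{ .Values.config.smtp.tls | quote }}
            {{- end }}
            {{- if .Values.config.smtp.ssl }}
            - name: PENPOT_SMTP_SSL
              value: {{ .Values.config.smtp.ssl | quote }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.registrationDomainWhitelist }}
            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
              value: {{ .Values.config.registrationDomainWhitelist | quote }}
            {{- end }}

            {{- if .Values.config.providers.google.enabled }}
            {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              value: {{ .Values.config.providers.google.clientID | quote }}
            {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.googleClientSecretKey }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              value: {{ .Values.config.providers.google.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.github.enabled }}
            {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
            - name: PENPOT_GITHUB_CLIENT_ID
              value: {{ .Values.config.providers.github.clientID | quote }}
            {{- else }}
            - name: PENPOT_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              value: {{ .Values.config.providers.github.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.gitlab.enabled }}
            {{- if .Values.config.providers.gitlab.baseURI }}
            - name: PENPOT_GITLAB_BASE_URI
              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
            - name: PENPOT_GITLAB_CLIENT_ID
              value: {{ .Values.config.providers.gitlab.clientID | quote }}
            {{- else }}
            - name: PENPOT_GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.oidc.enabled }}
            {{- if .Values.config.providers.oidc.baseURI }}
            - name: PENPOT_OIDC_BASE_URI
              value: {{ .Values.config.providers.oidc.baseURI | quote }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
            - name: PENPOT_OIDC_CLIENT_ID
              value: {{ .Values.config.providers.oidc.clientID | quote }}
            {{- else }}
            - name: PENPOT_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
            {{- end }}
            {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
            {{- else }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
            {{- end }}
            {{- if .Values.config.providers.oidc.authURI }}
            - name: PENPOT_OIDC_AUTH_URI
              value: {{ .Values.config.providers.oidc.authURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.tokenURI }}
            - name: PENPOT_OIDC_TOKEN_URI
              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.userURI }}
            - name: PENPOT_OIDC_USER_URI
              value: {{ .Values.config.providers.oidc.userURI | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.roles }}
            - name: PENPOT_OIDC_ROLES
              value: {{ .Values.config.providers.oidc.roles | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.rolesAttribute }}
            - name: PENPOT_OIDC_ROLES_ATTR
              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.scopes }}
            - name: PENPOT_OIDC_SCOPES
              value: {{ .Values.config.providers.oidc.scopes | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.nameAttribute }}
            - name: PENPOT_OIDC_NAME_ATTR
              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
            {{- end }}
            {{- if .Values.config.providers.oidc.emailAttribute }}
            - name: PENPOT_OIDC_EMAIL_ATTR
              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
            {{- end }}
            {{- end }}

            {{- if .Values.config.providers.ldap.enabled }}
            {{- if .Values.config.providers.ldap.host }}
            - name: PENPOT_LDAP_HOST
              value: {{ .Values.config.providers.ldap.host | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.port }}
            - name: PENPOT_LDAP_PORT
              value: {{ .Values.config.providers.ldap.port | quote }}
            {{- end }}
            # As with SMTP, the SSL and STARTTLS variables are emitted only
            # when the value is truthy.
            {{- if .Values.config.providers.ldap.ssl }}
            - name: PENPOT_LDAP_SSL
              value: {{ .Values.config.providers.ldap.ssl | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.startTLS }}
            - name: PENPOT_LDAP_STARTTLS
              value: {{ .Values.config.providers.ldap.startTLS | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.baseDN }}
            - name: PENPOT_LDAP_BASE_DN
              value: {{ .Values.config.providers.ldap.baseDN | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.bindDN }}
            - name: PENPOT_LDAP_BIND_DN
              value: {{ .Values.config.providers.ldap.bindDN | quote }}
            {{- end }}
            # NOTE(review): the bind password has no secretKeyRef branch, so
            # it is always rendered inline from the values.
            {{- if .Values.config.providers.ldap.bindPassword }}
            - name: PENPOT_LDAP_BIND_PASSWORD
              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesUsername }}
            - name: PENPOT_LDAP_ATTRS_USERNAME
              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesEmail }}
            - name: PENPOT_LDAP_ATTRS_EMAIL
              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesFullname }}
            - name: PENPOT_LDAP_ATTRS_FULLNAME
              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
            {{- end }}
            {{- if .Values.config.providers.ldap.attributesPhoto }}
            - name: PENPOT_LDAP_ATTRS_PHOTO
              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
            {{- end }}
            {{- end }}
          volumeMounts:
            - mountPath: /opt/data
              name: app-data
              readOnly: false
            # subPath mounts only nginx.conf from the ConfigMap volume,
            # read-only.
            - mountPath: /etc/nginx/nginx.conf
              name: "{{ include "penpot.fullname" . }}-frontend-nginx"
              readOnly: true
              subPath: nginx.conf
          ports:
            - name: http
              containerPort: {{ .Values.frontend.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.frontend.resources | nindent 12 }}
      {{- with .Values.frontend.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.frontend.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        # Backed by a PVC when persistence is enabled (existingClaim, or a
        # claim named after the release), otherwise an emptyDir.
        - name: app-data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - configMap:
            # 420 decimal is 0644 octal.
            defaultMode: 420
            name: "{{ include "penpot.fullname" . }}-frontend-nginx"
          name: "{{ include "penpot.fullname" . }}-frontend-nginx"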