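{{- if not .Values.application.initializeCommand -}}
# Application Deployment. The whole manifest is rendered only when
# application.initializeCommand is unset (guard on the first line).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "trackableappname" . }}
  annotations:
    # GitLab annotations; each line is emitted only when its value is set.
    {{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }}
    {{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }}
  labels:
    track: "{{ .Values.application.track }}"
    tier: "{{ .Values.application.tier }}"
{{ include "sharedlabels" . | indent 4 }}
spec:
  # apps/v1 selectors are immutable once the Deployment exists, so changing
  # the track or tier values on an installed release changes the selector and
  # the upgrade is rejected.
  selector:
    matchLabels:
      app: {{ template "appname" . }}
      track: "{{ .Values.application.track }}"
      tier: "{{ .Values.application.tier }}"
      # Quoted so an all-digit or boolean-looking release name is still
      # rendered as a string label value.
      release: {{ .Release.Name | quote }}
  replicas: {{ .Values.replicaCount }}
{{- if .Values.strategyType }}
  strategy:
    type: {{ .Values.strategyType | quote }}
{{- end }}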
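  template:
    metadata:
      annotations:
        # Carries a checksum of the application secret from chart values; a
        # changed value alters the pod template and so rolls the pods.
        checksum/application-secrets: "{{ .Values.application.secretChecksum }}"
        {{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }}
        {{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
      labels:
        track: "{{ .Values.application.track }}"
        tier: "{{ .Values.application.tier }}"
{{ include "sharedlabels" . | indent 8 }}
    spec:
      # serviceAccount.name takes precedence over serviceAccountName.
      # NOTE(review): automountServiceAccountToken is not set, so the API
      # default applies; set it to false if no container calls the
      # Kubernetes API.
{{- if or (.Values.serviceAccount.name) (.Values.serviceAccountName) }}
      serviceAccountName: {{ .Values.serviceAccount.name | default .Values.serviceAccountName | quote }}
{{- end }}
      imagePullSecrets:
{{ toYaml .Values.image.secrets | indent 10 }}
{{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
      affinity:
        # Soft preference: spread replicas of this app across nodes.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 50
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: {{ template "appname" . }}
              topologyKey: kubernetes.io/hostname
      volumes:
      # NOTE(review): this volume is unconditional, while envFrom in the
      # containers is guarded by application.secretName. With the value
      # unset the Deployment is rendered with an empty secret name.
      - name: secrets
        secret:
          # Quoted so a numeric-looking secret name stays a string.
          secretName: {{ .Values.application.secretName | quote }}
      - name: mglogs-persistent-storage
        persistentVolumeClaim:
          claimName: mg-logs
      - name: redis-config
        configMap:
          name: redis-container-config
      # Pod-level defaults for every container that does not override them.
      # NOTE(review): runAsNonRoot and seccompProfile are not set; the
      # explicit non-zero UIDs in this file look compatible with
      # runAsNonRoot: true - confirm and consider adding both.
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
        runAsGroup: 1000
      containers: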
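      # PHP-FPM container; listens on 9000 and runs with the pod-level
      # securityContext.
      # NOTE(review): no container-level securityContext is set here, so
      # allowPrivilegeEscalation is left at its default, unlike the redis
      # container. Consider setting it to false if php-fpm does not need it.
      - name: {{ .Chart.Name }}-phpfpm
        image: {{ template "imagename" . }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        # Every key of the application secret becomes an environment variable.
        {{- if .Values.application.secretName }}
        envFrom:
        - secretRef:
            # Quoted so a numeric-looking secret name stays a string.
            name: {{ .Values.application.secretName | quote }}
        {{- end }}
        env:
{{- if .Values.postgresql.managed }}
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: username
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: password
        - name: POSTGRES_HOST
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: privateIP
{{- end }}
        # NOTE(review): DATABASE_URL comes from chart values as a plain env
        # value. If the URL embeds credentials they end up in the rendered
        # manifest; a secretKeyRef, as used for POSTGRES_*, would avoid that.
        - name: DATABASE_URL
          value: {{ .Values.application.database_url | quote }}
        - name: GITLAB_ENVIRONMENT_NAME
          value: {{ .Values.gitlab.envName | quote }}
        - name: GITLAB_ENVIRONMENT_URL
          value: {{ .Values.gitlab.envURL | quote }}
{{- if .Values.lifecycle }}
        lifecycle:
{{ toYaml .Values.lifecycle | indent 10 }}
{{- end }}
        ports:
        - name: "{{ .Values.service.name }}-phpfpm"
          containerPort: 9000
        # All three probes only check that the named TCP port accepts
        # connections.
        livenessProbe:
          tcpSocket:
            port: "{{ .Values.service.name }}-phpfpm"
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
          tcpSocket:
            port: "{{ .Values.service.name }}-phpfpm"
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        # Up to 60 one-second attempts before the container is restarted.
        startupProbe:
          tcpSocket:
            port: "{{ .Values.service.name }}-phpfpm"
          failureThreshold: 60
          periodSeconds: 1
        volumeMounts:
        # The log volume is the only writable mount in this container.
        - name: mglogs-persistent-storage
          mountPath: /html/storage/logs/metager
          readOnly: false
        # Individual keys of the secret are mounted read-only as single files.
        # subPath mounts are not refreshed when the Secret changes; a pod
        # restart is needed to pick up new content.
        - name: secrets
          mountPath: /home/metager/.env
          subPath: env
          readOnly: true
        - name: secrets
          mountPath: /html/database/seeds/UsersSeeder.php
          subPath: userseeder
          readOnly: true
        - name: secrets
          mountPath: /html/config/sumas.json
          subPath: sumas
          readOnly: true
        - name: secrets
          mountPath: /html/config/sumasEn.json
          subPath: sumasen
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistUrl.txt
          subPath: blacklisturl
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistDomains.txt
          subPath: blacklistdomains
          readOnly: true
        - name: secrets
          mountPath: /html/config/adBlacklistUrl.txt
          subPath: adblacklisturl
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistDescriptionUrl.txt
          subPath: blacklistDescriptionUrl
          readOnly: true
        - name: secrets
          mountPath: /html/config/adBlacklistDomains.txt
          subPath: adblacklistdomains
          readOnly: true
        resources:
{{ toYaml .Values.resourcesPhpfpm | indent 12 }}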
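      # nginx container; same image as php-fpm, started with the nginx
      # command.
      # NOTE(review): it receives the same secret-backed environment and
      # database variables as php-fpm; confirm the web server needs them,
      # otherwise drop envFrom/env here to narrow secret exposure.
      # NOTE(review): no container-level securityContext is set, so
      # allowPrivilegeEscalation is left at its default.
      - name: {{ .Chart.Name }}-nginx
        image: {{ template "imagename" . }}
        command: ["nginx"]
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        {{- if .Values.application.secretName }}
        envFrom:
        - secretRef:
            # Quoted so a numeric-looking secret name stays a string.
            name: {{ .Values.application.secretName | quote }}
        {{- end }}
        env:
{{- if .Values.postgresql.managed }}
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: username
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: password
        - name: POSTGRES_HOST
          valueFrom:
            secretKeyRef:
              name: app-postgres
              key: privateIP
{{- end }}
        - name: DATABASE_URL
          value: {{ .Values.application.database_url | quote }}
        - name: GITLAB_ENVIRONMENT_NAME
          value: {{ .Values.gitlab.envName | quote }}
        - name: GITLAB_ENVIRONMENT_URL
          value: {{ .Values.gitlab.envURL | quote }}
{{- if .Values.lifecycle }}
        lifecycle:
{{ toYaml .Values.lifecycle | indent 10 }}
{{- end }}
        ports:
        - name: "{{ .Values.service.name }}"
          containerPort: {{ .Values.service.internalPort }}
        # Probe handler is chosen by probeType. Any value other than httpGet
        # or tcpSocket renders a probe without a handler, which the API
        # server rejects.
        livenessProbe:
{{- if eq .Values.livenessProbe.probeType "httpGet" }}
          httpGet:
            # path and scheme are strings; quoted so they are not retyped.
            path: {{ .Values.livenessProbe.path | quote }}
            scheme: {{ .Values.livenessProbe.scheme | quote }}
            port: {{ .Values.service.internalPort }}
{{- else if eq .Values.livenessProbe.probeType "tcpSocket" }}
          tcpSocket:
            port: {{ .Values.service.internalPort }}
{{- end }}
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
{{- if eq .Values.readinessProbe.probeType "httpGet" }}
          httpGet:
            path: {{ .Values.readinessProbe.path | quote }}
            scheme: {{ .Values.readinessProbe.scheme | quote }}
            port: {{ .Values.service.internalPort }}
{{- else if eq .Values.readinessProbe.probeType "tcpSocket" }}
          tcpSocket:
            port: {{ .Values.service.internalPort }}
{{- end }}
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        # The startup probe reuses the readinessProbe values for its handler.
        startupProbe:
{{- if eq .Values.readinessProbe.probeType "httpGet" }}
          httpGet:
            path: {{ .Values.readinessProbe.path | quote }}
            scheme: {{ .Values.readinessProbe.scheme | quote }}
            port: {{ .Values.service.internalPort }}
{{- else if eq .Values.readinessProbe.probeType "tcpSocket" }}
          tcpSocket:
            port: {{ .Values.service.internalPort }}
{{- end }}
          failureThreshold: 60
          periodSeconds: 1
        resources:
{{ toYaml .Values.resourcesNginx | indent 12 }}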
      # Redis sidecar, configured from the redis-config ConfigMap volume.
      # NOTE(review): redis:6 is a floating tag that is not pinned by digest,
      # so the image content can change between pulls; consider pinning it.
      - name: {{ .Chart.Name }}-redis
        image: 'redis:6'
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        # Overrides the pod-level UID/GID and forbids privilege escalation.
        securityContext:
          runAsUser: 999
          runAsGroup: 999
          allowPrivilegeEscalation: false
        command:
        - redis-server
        - /usr/local/etc/redis/redis.conf
        ports:
        - name: "{{ .Values.service.name }}-redis"
          containerPort: 6379
        volumeMounts:
        # Read-only single-file mount of the server configuration.
        - name: redis-config
          mountPath: /usr/local/etc/redis/redis.conf
          subPath: redis.conf
          readOnly: true
        # Both probes only check that the redis port accepts connections;
        # delays are fixed here, timeouts come from the shared probe values.
        livenessProbe:
          tcpSocket:
            port: "{{ .Values.service.name }}-redis"
          initialDelaySeconds: 15
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
          tcpSocket:
            port: "{{ .Values.service.name }}-redis"
          initialDelaySeconds: 5
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        resources:
{{ toYaml .Values.resourcesRedis | indent 12 }}
      # Fetcher worker: runs the artisan requests:fetcher command from the
      # application image. The shell command line is a fixed string with no
      # templated input.
      # NOTE(review): no container-level securityContext is set, so only the
      # pod-level UID/GID applies and allowPrivilegeEscalation is left at
      # its default.
      - name: {{ .Chart.Name }}-fetcher
        image: {{ template "imagename" . }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        command:
        - /bin/sh
        args:
        - -c
        - php artisan requests:fetcher
        volumeMounts:
        # NOTE(review): php-fpm mounts this same key at /home/metager/.env;
        # confirm both paths are intended.
        - name: secrets
          mountPath: /html/.env
          subPath: env
          readOnly: true
        # All probes hit the same plain-HTTP health endpoint on port 8080;
        # no ports entry in this container declares 8080.
        livenessProbe:
          httpGet:
            path: '/health-check/liveness-worker'
            scheme: 'HTTP'
            port: 8080
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
          httpGet:
            path: '/health-check/liveness-worker'
            scheme: 'HTTP'
            port: 8080
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        # Up to 60 one-second attempts before the container is restarted.
        startupProbe:
          httpGet:
            path: '/health-check/liveness-worker'
            scheme: 'HTTP'
            port: 8080
          failureThreshold: 60
          periodSeconds: 1
        resources:
{{ toYaml .Values.resourcesFetcher | indent 12 }}
      # Scheduler worker: runs the artisan schedule:work command from the
      # application image. The shell command line is a fixed string with no
      # templated input.
      # NOTE(review): no container-level securityContext is set, so only the
      # pod-level UID/GID applies and allowPrivilegeEscalation is left at
      # its default.
      - name: {{ .Chart.Name }}-scheduler
        image: {{ template "imagename" . }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        command:
        - /bin/sh
        args:
        - -c
        - php artisan schedule:work
        volumeMounts:
        # Secret keys are mounted read-only as single files; the log volume
        # is the only writable mount.
        - name: secrets
          mountPath: /html/.env
          subPath: env
          readOnly: true
        - name: mglogs-persistent-storage
          mountPath: /html/storage/logs/metager
          readOnly: false
        - name: secrets
          mountPath: /html/database/seeds/UsersSeeder.php
          subPath: userseeder
          readOnly: true
        - name: secrets
          mountPath: /html/config/sumas.json
          subPath: sumas
          readOnly: true
        - name: secrets
          mountPath: /html/config/sumasEn.json
          subPath: sumasen
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistUrl.txt
          subPath: blacklisturl
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistDomains.txt
          subPath: blacklistdomains
          readOnly: true
        - name: secrets
          mountPath: /html/config/adBlacklistUrl.txt
          subPath: adblacklisturl
          readOnly: true
        - name: secrets
          mountPath: /html/config/blacklistDescriptionUrl.txt
          subPath: blacklistDescriptionUrl
          readOnly: true
        - name: secrets
          mountPath: /html/config/adBlacklistDomains.txt
          subPath: adblacklistdomains
          readOnly: true
        # All probes hit the same plain-HTTP health endpoint on port 8080;
        # no ports entry in this container declares 8080.
        livenessProbe:
          httpGet:
            path: '/health-check/liveness-scheduler'
            scheme: 'HTTP'
            port: 8080
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
          httpGet:
            path: '/health-check/liveness-scheduler'
            scheme: 'HTTP'
            port: 8080
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        # Up to 60 one-second attempts before the container is restarted.
        startupProbe:
          httpGet:
            path: '/health-check/liveness-scheduler'
            scheme: 'HTTP'
            port: 8080
          failureThreshold: 60
          periodSeconds: 1
        resources:
{{ toYaml .Values.resourcesScheduler | indent 12 }}
{{- end -}}