apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kyoo.fullname" . }}-back namespace: {{ .Release.Namespace }} annotations: {{- with .Values.global.annotations }} {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "kyoo.back.labels" . | nindent 4 }} {{- with .Values.global.labels }} {{ toYaml . | nindent 4 }} {{- end }} spec: revisionHistoryLimit: 3 replicas: {{ .Values.back.replicas }} strategy: type: Recreate selector: matchLabels: {{- include "kyoo.back.matchLabels" . | nindent 6 }} template: metadata: labels: {{- include "kyoo.back.labels" . | nindent 8 }} app.kubernetes.io/component: {{ template "kyoo.name" . }}-back annotations: {{- with .Values.back.podAnnotations }} {{ toYaml . | nindent 8 }} {{- end }} spec: affinity: {{- with .Values.back.affinity }} {{ toYaml . | nindent 8 }} {{- end }} nodeSelector: {{- with .Values.back.nodeSelector }} {{ toYaml . | nindent 8 }} {{- end }} tolerations: {{- with .Values.back.tolerations }} {{ toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ template "kyoo.serviceAccountName" . }} securityContext: {{- with .Values.back.securityContext }} {{ toYaml . | nindent 8 }} {{- end }} containers: - name: {{ template "kyoo.fullname" . }}-back image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}" imagePullPolicy: {{ .Values.back.image.pullPolicy }} resources: {{ toYaml .Values.back.resources | nindent 12 }} ports: - name: kyoo-back containerPort: {{ .Values.back.service.port }} protocol: TCP volumeMounts: - name: kyoo-back mountPath: /kyoo env: {{- with .Values.back.extraVars }} {{- toYaml . | nindent 12 }} {{- end }} - name: REQUIRE_ACCOUNT_VERIFICATION value: "{{ .Values.config.requireAccountVerification }}" - name: UNLOGGED_PERMISSIONS value: "{{ .Values.config.unloggedPermissions }}" - name: DEFAULT_PERMISSIONS value: "{{ .Values.config.defaultPermissions }}" - name: AUTHENTICATION_SECRET valueFrom: secretKeyRef: name: "{{ .Values.config.secretAuthenticationKey.existingSecretName }}" key: "{{ .Values.config.secretAuthenticationKey.existingSecretKey }}" - name: KYOO_APIKEYS valueFrom: secretKeyRef: name: "{{ .Values.config.secretAPIKey.existingSecretName }}" key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}" - name: PUBLIC_URL value: "{{ .Values.config.publicUrl }}" - name: POSTGRES_USER value: "{{ .Values.config.postgresql.username }}" - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: "{{ .Values.config.postgresql.existingSecretName }}" key: "{{ .Values.config.postgresql.passwordKey }}" - name: POSTGRES_DB value: "{{ .Values.config.postgresql.database }}" - name: POSTGRES_SERVER value: "{{ .Values.config.postgresql.host }}" - name: POSTGRES_PORT value: "{{ .Values.config.postgresql.port }}" {{ if .Values.config.oidc.enabled }} - name: OIDC_SERVICE_NAME value: "{{ .Values.config.oidc.name }}" - name: OIDC_SERVICE_LOGO value: "{{ .Values.config.oidc.logo }}" - name: OIDC_SERVICE_AUTHORIZATION value: "{{ .Values.config.oidc.authorization }}" - name: OIDC_SERVICE_TOKEN value: "{{ .Values.config.oidc.token }}" - name: OIDC_SERVICE_PROFILE value: "{{ .Values.config.oidc.profile }}" - name: OIDC_SERVICE_SCOPE value: "{{ .Values.config.oidc.scope }}" - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: name: "{{ .Values.config.oidc.existingSecretName }}" key: "{{ .Values.config.oidc.clientIDKey }}" - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: "{{ .Values.config.oidc.existingSecretName }}" key: "{{ .Values.config.oidc.secretIDKey }}" {{ end }} - name: MEILI_HOST value: http://{{ template "kyoo.fullname" . }}-meilisearch.{{ .Release.Namespace }}:{{ .Values.meilisearch.service.port }} - name: MEILI_MASTER_KEY valueFrom: secretKeyRef: name: "{{ .Values.meilisearch.auth.existingMasterKeySecret }}" key: MEILI_MASTER_KEY - name: RABBITMQ_HOST value: {{ template "kyoo.fullname" . }}-rabbitmq - name: RABBITMQ_DEFAULT_USER value: "{{ .Values.rabbitmq.auth.username }}" - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}" key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}" {{- if .Values.back.livenessProbe.enabled }} livenessProbe: httpGet: path: {{ .Values.back.livenessProbe.path }} port: {{ .Values.back.service.port }} initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.back.livenessProbe.successThreshold }} failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.back.readinessProbe.enabled }} readinessProbe: httpGet: path: {{ .Values.back.livenessProbe.path }} port: {{ .Values.back.service.port }} initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.back.readinessProbe.successThreshold }} failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }} {{- end }} volumes: - name: kyoo-back {{- if .Values.persistence.back.enabled }} persistentVolumeClaim: claimName: {{ include "kyoo.backVolumeName" . }} {{- else }} emptyDir: {} {{- end }}