664f6b9014
Add TOKEN_SECRET environment variable to HTTP service deployment and generate a random value for it in vars.yaml. Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
129 lines
5 KiB
YAML
129 lines
5 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "http.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "http.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "http.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "http.selectorLabels" . | nindent 8 }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "http.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
shareProcessNamespace: true
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
{{- if .Values.global.enterpriseEditionLicense }}
|
|
image: "{{ tpl .Values.image.repository . }}:{{ .Values.image.tag | default .Chart.AppVersion }}-ee"
|
|
{{- else }}
|
|
image: "{{ tpl .Values.image.repository . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
{{- end }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
{{- if .Values.healthCheck}}
|
|
{{- .Values.healthCheck | toYaml | nindent 10}}
|
|
{{- end}}
|
|
env:
|
|
{{- range $key, $val := .Values.env }}
|
|
- name: {{ $key }}
|
|
value: '{{ $val }}'
|
|
{{- end}}
|
|
{{- range $key, $val := .Values.global.env }}
|
|
- name: {{ $key }}
|
|
value: '{{ $val }}'
|
|
{{- end }}
|
|
- name: AWS_ACCESS_KEY_ID
|
|
{{- if .Values.global.s3.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.global.s3.existingSecret }}
|
|
key: access-key
|
|
{{- else }}
|
|
value: {{ .Values.global.s3.accessKey }}
|
|
{{- end }}
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
{{- if .Values.global.s3.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.global.s3.existingSecret }}
|
|
key: secret-key
|
|
{{- else }}
|
|
value: {{ .Values.global.s3.secretKey }}
|
|
{{- end }}
|
|
- name: AWS_REGION
|
|
value: '{{ .Values.global.s3.region }}'
|
|
- name: AWS_ENDPOINT
|
|
value: '{{- include "openreplay.s3Endpoint" . }}'
|
|
- name: LICENSE_KEY
|
|
value: '{{ .Values.global.enterpriseEditionLicense }}'
|
|
- name: KAFKA_SERVERS
|
|
value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
|
|
- name: KAFKA_USE_SSL
|
|
value: '{{ .Values.global.kafka.kafkaUseSsl }}'
|
|
- name: pg_password
|
|
{{- if .Values.global.postgresql.existingSecret }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.global.postgresql.existingSecret }}
|
|
key: postgresql-postgres-password
|
|
{{- else }}
|
|
value: '{{ .Values.global.postgresql.postgresqlPassword }}'
|
|
{{- end}}
|
|
- name: POSTGRES_STRING
|
|
value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
|
|
{{- include "openreplay.env.redis_string" .Values.global.redis | nindent 12 }}
|
|
- name: JWT_SECRET
|
|
value: {{ .Values.global.jwtSecret }}
|
|
- name: JWT_SPOT_SECRET
|
|
value: {{ .Values.global.jwtSpotSecret }}
|
|
- name: TOKEN_SECRET
|
|
value: {{ .Values.global.tokenSecret }}
|
|
ports:
|
|
{{- range $key, $val := .Values.service.ports }}
|
|
- name: {{ $key }}
|
|
containerPort: {{ $val }}
|
|
protocol: TCP
|
|
{{- end }}
|
|
volumeMounts:
|
|
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
|
|
{{- with .Values.persistence.mounts }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumes:
|
|
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
|
|
{{- with .Values.persistence.volumes }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|