diff --git a/charts/modjo-microservice/templates/_helpers.tpl b/charts/modjo-microservice/templates/_helpers.tpl
index 2ed072c..1e2876f 100644
--- a/charts/modjo-microservice/templates/_helpers.tpl
+++ b/charts/modjo-microservice/templates/_helpers.tpl
@@ -36,3 +36,24 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/name: {{ include "common.names.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
+
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/charts/modjo-microservice/templates/rollout-deployment.yaml b/charts/modjo-microservice/templates/rollout-deployment.yaml
index 7b0f94c..88bd83c 100644
--- a/charts/modjo-microservice/templates/rollout-deployment.yaml
+++ b/charts/modjo-microservice/templates/rollout-deployment.yaml
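Review bot: Both helpers are added without a comment, and `common.tplvalues.render` sends any value whose JSON form contains `{{` through `tpl` with the whole context, so everything the chart later passes to it (probes, lifecycle hooks, sidecars, init containers) is evaluated as template code rather than treated as data. A header comment should say so and name the `value`, `context` and optional `scope` keys, for example `{{/* Renders .value as a template against .context; values passed here are executed by tpl, so only trusted values files should reach it. */}}`. The names also match helpers shipped by the Bitnami `common` library chart; the context line already calls `common.names.name`, so if that library is a dependency these definitions would presumably be duplicates, and a chart-specific prefix would avoid depending on load order.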
@@ -59,30 +59,62 @@ spec:
 {{- end }}
 containers:
 - name: {{ .Chart.Name }}
+ {{- with .Values.podSecurityContext }}
 securityContext:
- readOnlyRootFilesystem: true
- runAsUser: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- allowPrivilegeEscalation: false
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 {{- if .Values.exposed }}
 ports:
 - name: http
- containerPort: 4000
+ containerPort: {{ .Values.httpContainerPort }}
 protocol: TCP
+ {{- if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.livenessProbe.enabled }}
 livenessProbe:
 httpGet:
- path: /
- port: http
+ path: /live
+ port: 9000
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readinessProbe.enabled }}
 readinessProbe:
 httpGet:
- path: /
- port: http
+ path: /ready
+ port: 9000
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /live
+ port: 9000
+ initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+ {{- end }}
 {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
 volumeMounts:
 {{- if .Values.application.jwt.enabled }}
 - name: jwt
@@ -158,6 +190,17 @@ spec:
 {{- (tpl ($value | toYaml) $) | nindent 14 }}
 {{- end }}
 {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.initContainers }}
+ initContainers:
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 nodeSelector:
 {{- toYaml .Values.nodeSelector | nindent 8 }}
 affinity:
diff --git a/charts/modjo-microservice/values.yaml b/charts/modjo-microservice/values.yaml
index 48bb621..2ea4541 100644
--- a/charts/modjo-microservice/values.yaml
+++ b/charts/modjo-microservice/values.yaml
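Review bot: The container-level `securityContext:` under `- name: {{ .Chart.Name }}` is now filled from `.Values.podSecurityContext`, while the later hunk at `@@ -158,6 +190,17 @@` renders `.Values.securityContext` at `nindent 8` beside `nodeSelector`, which looks swapped against the defaults added in values.yaml. As written the container receives `fsGroup: 1000`, a pod-level field, and the pod spec receives `allowPrivilegeEscalation`, `privileged`, `readOnlyRootFilesystem` and `capabilities`, which are container-level fields. Depending on how validation is configured, the manifest is then either rejected or applied without the `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false` hardening that the removed lines set on the container. Use `{{- with .Values.securityContext }}` here and `{{- with .Values.podSecurityContext }}` in the pod-level block. Indentation is collapsed on this page, so this reading relies on the `nindent 12` and `nindent 8` arguments; the container spec also continues outside the hunk.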
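Review bot: Entries from `.Values.sidecars` and `.Values.initContainers` are rendered as supplied, and Kubernetes applies a container-level `securityContext` per container, so these containers get none of the main container's settings (`readOnlyRootFilesystem`, `allowPrivilegeEscalation: false`, dropped capabilities); only what is set in the pod-level security context applies to them. That is worth stating where the values are declared, e.g. `# sidecars / initContainers are rendered verbatim through tpl; set securityContext on each entry`. The `sidecars` block also depends on sitting directly after the last field of the main container, which this hunk does not show, so a short comment marking it as a continuation of `containers:` would help the next editor.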
@@ -43,11 +43,56 @@ extraEnv: extraVolumes: extraVolumeMounts: +livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +customLivenessProbe: {} +customReadinessProbe: {} +customStartupProbe: {} +lifecycleHooks: {} +initContainers: [] +sidecars: [] + commonAnnotations: {} commonLabels: {} +podSecurityContext: + fsGroup: 1000 + +securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + capabilities: + drop: + - ALL + + podAnnotations: +httpContainerPort: 4000 + service: enabled: true type: ClusterIP
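Review bot: `livenessProbe.enabled` and `readinessProbe.enabled` default to `true`, but the template they drive hard-codes `port: 9000` with `/live` and `/ready`, while the only declared container port is `http` from `httpContainerPort: 4000` and the removed probe lines targeted `/` on `http`. An existing release that does not serve health endpoints on 9000 would presumably fail readiness and be restarted by the liveness probe after upgrading, unless it sets `customLivenessProbe` and `customReadinessProbe`. Consider exposing the target here, e.g. `path: /live` and `port: 9000` under each probe key, and reading those in the template instead of literals. A one-line comment above the probe keys noting that the `custom*Probe` maps replace the built-in probe entirely would also help chart users.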