apiVersion: {{ eq .Values.kind "Rollout" | ternary "argoproj.io/v1alpha1" "apps/v1" }} kind: {{ .Values.kind }} metadata: name: {{ include "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} strategy: {{- if eq .Values.kind "Rollout" }} {{- if eq .Values.rollout.strategy.type "BlueGreen" }} blueGreen: activeService: {{ default (include "common.names.fullname" .) .Values.rollout.strategy.blueGreen.activeService | quote }} {{- if .Values.exposed }} previewService: {{ default (include "common.names.suffixedName" (dict "root" . "suffix" "preview")) .Values.rollout.strategy.blueGreen.previewService | quote }} {{- end }} autoPromotionEnabled: {{ .Values.rollout.strategy.blueGreen.autoPromotionEnabled }} previewReplicaCount: {{ .Values.rollout.strategy.blueGreen.previewReplicaCount }} antiAffinity: {{- .Values.rollout.strategy.blueGreen.antiAffinity | toYaml | nindent 8 }} scaleDownDelaySeconds: {{ .Values.rollout.strategy.blueGreen.scaleDownDelaySeconds }} # Add additional Blue-Green specific configurations here as needed {{- else if eq .Values.rollout.strategy.type "Canary" }} canary: {{- toYaml .Values.rollout.strategy.canary | nindent 6 }} {{- else if eq .Values.rollout.strategy.type "RollingUpdate" }} rollingUpdate: {{- toYaml .Values.rollout.strategy.rollingUpdate | nindent 6 }} {{- end }} {{- else }} {{- .Values.deployment.strategy | toYaml | nindent 4 }} {{- end }} template: metadata: annotations: {{- toYaml .Values.podAnnotations | nindent 8 }} labels: {{- include "common.labels.standard" . | nindent 8 }} spec: imagePullSecrets: {{- toYaml .Values.image.pullSecrets | nindent 8 }} volumes: - name: jwt secret: secretName: {{ .Values.application.jwt.secretName }} {{- if .Values.extraVolumes }} {{- .Values.extraVolumes | toYaml | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} securityContext: readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.exposed }} ports: - name: http containerPort: 4000 protocol: TCP livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: {{- if .Values.application.jwt.enabled }} - name: jwt mountPath: /secrets/jwk.json subPath: {{ .Values.application.jwt.jwkSecretKey }} readOnly: true - name: jwt mountPath: /secrets/jwk-old.json subPath: {{ .Values.application.jwt.jwkOldSecretKey }} readOnly: true {{- end }} {{- if .Values.extraVolumeMounts }} {{- .Values.extraVolumeMounts | toYaml | nindent 12 }} {{- end }} env: - name: LOGLEVEL value: {{ .Values.application.logLevel }} - name: LOG_REQUESTS {{- if .Values.application.jwt.enabled }} value: {{ .Values.application.logRequests | quote }} - name: JWK_FILE value: /secrets/jwk.json - name: OLDJWK_FILE value: /secrets/jwk-old.json {{- end }} {{- if .Values.application.pg.enabled }} - name: DATABASE_URL valueFrom: secretKeyRef: name: {{ .Values.application.pg.dsnSecretName }} key: {{ .Values.application.pg.dsnSecretKey }} {{- end }} {{- if .Values.application.hasura.enabled }} - name: HASURA_GRAPHQL_URL value: {{ .Values.application.hasura.graphqlUrl }} - name: HASURA_WEB_HOOK_SECRET valueFrom: secretKeyRef: name: {{ .Values.application.hasura.webhookSecretName }} key: {{ .Values.application.hasura.webhookSecretKey }} - name: HASURA_GRAPHQL_ADMIN_SECRET valueFrom: secretKeyRef: name: {{ .Values.application.hasura.adminSecretName }} key: {{ .Values.application.hasura.adminSecretKey }} {{- end }} {{- if .Values.application.amqp.enabled }} - name: AMQP_URL valueFrom: secretKeyRef: name: {{ .Values.application.amqp.dsnSecretName }} key: {{ .Values.application.amqp.dsnSecretKey }} {{- end }} {{- if .Values.application.minio.enabled }} - name: MINIO_ENDPOINT value: {{ .Values.application.minio.endpoint }} - name: MINIO_PORT value: {{ .Values.application.minio.port | quote }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: name: {{ .Values.application.minio.secretName }} key: {{ .Values.application.minio.accessKeySecretKey }} - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: name: {{ .Values.application.minio.secretName }} key: {{ .Values.application.minio.secretKeySecretKey }} {{- end }} {{- if .Values.extraEnv }} {{ .Values.extraEnv | toYaml | nindent 12 }} {{- end }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} affinity: {{- toYaml .Values.affinity | nindent 8 }} tolerations: {{- toYaml .Values.tolerations | nindent 8 }}