-
Notifications
You must be signed in to change notification settings - Fork 27
Expand file tree
/
Copy pathdeployment.yaml
More file actions
185 lines (185 loc) · 7.71 KB
/
deployment.yaml
File metadata and controls
185 lines (185 loc) · 7.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
apiVersion: {{ template "codimd.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "codimd.fullname" . }}
labels:
app.kubernetes.io/component: server
{{- include "codimd.labels" . | nindent 4 }}
spec:
replicas: 1
strategy:
{{ if .Values.codimd.imageStorePersistentVolume.enabled }}
type: Recreate
{{ else }}
{{/* Because of CodiMD using socket.io as realtime server, if their has many instances may breaking note contents */}}
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
{{ end }}
selector:
matchLabels:
app.kubernetes.io/component: server
app.kubernetes.io/name: {{ include "codimd.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
name: {{ template "codimd.fullname" . }}
labels:
app.kubernetes.io/component: server
{{- include "codimd.labels" . | nindent 8 }}
annotations:
checksum/db-secret: {{ include (print $.Template.BasePath "/db-secret.yaml") . | sha256sum | quote }}
checksum/auth-secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum | quote }}
{{ if .Values.codimd.security.sessionSecret }}
checksum/session-secret: {{ include (print $.Template.BasePath "/session-secret.yaml") . | sha256sum | quote }}
{{ end }}
{{ if contains "true" (include "codimd.needImageSecret" .) }}
checksum/session-secret: {{ include (print $.Template.BasePath "/image-upload-secret.yaml") . | sha256sum | quote }}
{{ end }}
{{ if .Values.codimd.podAnnotations }}
{{ toYaml .Values.codimd.podAnnotations | nindent 8 }}
{{ end }}
spec:
{{ if .Values.codimd.securityContext }}
securityContext:
{{ toYaml .Values.codimd.securityContext | nindent 8 }}
{{ end }}
{{ if .Values.codimd.affinity }}
affinity:
{{ toYaml .Values.codimd.affinity | nindent 8 }}
{{ end }}
{{ if .Values.codimd.tolerations }}
tolerations:
{{ toYaml .Values.codimd.tolerations | nindent 8 }}
{{ end }}
{{ if .Values.codimd.nodeSelector }}
nodeSelector:
{{ toYaml .Values.codimd.nodeSelector | nindent 8 }}
{{ end }}
{{ if .Values.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | nindent 8 }}
{{end }}
containers:
- name: codimd
image: {{ template "codimd.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
{{ if .Values.codimd.connection.domain }}
- name: CMD_DOMAIN
value: {{ .Values.codimd.connection.domain | quote }}
{{ end }}
- name: CMD_URL_ADDPORT
value: {{ .Values.codimd.connection.urlAddPort | quote }}
- name: CMD_PROTOCOL_USESSL
value: {{ .Values.codimd.connection.protocolUseSSL | quote }}
- name: CMD_USECDN
value: {{ .Values.codimd.security.useCDN | quote }}
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: {{ template "codimd.shortName" . }}-db-secret
key: connection
- name: CMD_SESSION_LIFE
value: {{ .Values.codimd.security.sessionLife | quote }}
- name: CMD_HSTS_ENABLE
value: {{ .Values.codimd.security.hstsEnabled | quote }}
- name: CMD_HSTS_MAX_AGE
value: {{ .Values.codimd.security.hstsMaxAge | quote }}
- name: CMD_HSTS_INCLUDE_SUBDOMAINS
value: {{ .Values.codimd.security.hstsIncludeSubdomain | quote }}
- name: CMD_HSTS_PRELOAD
value: {{ .Values.codimd.security.hstsPreload | quote }}
- name: CMD_CSP_ENABLE
value: {{ .Values.codimd.security.cspEnabled | quote }}
{{ if .Values.codimd.security.cspReportUri }}
- name: CMD_CSP_REPORTURI
value: {{ .Values.codimd.security.cspReportUri | quote }}
{{ end }}
{{ if .Values.codimd.security.allowOrigin }}
- name: CMD_ALLOW_ORIGIN
value: {{ .Values.codimd.security.allowOrigin | quote }}
{{ end }}
- name: CMD_ALLOW_GRAVATAR
value: {{ .Values.codimd.security.allowGravatar | quote }}
- name: CMD_RESPONSE_MAX_LAG
value: {{ .Values.codimd.responseMaxLag | quote }}
- name: CMD_IMAGE_UPLOAD_TYPE
value: {{ .Values.codimd.imageUpload.storeType | quote }}
- name: CMD_ALLOW_FREEURL
value: {{ .Values.codimd.noteCreation.freeUrlEnabled | quote }}
- name: CMD_FORBIDDEN_NOTE_IDS
value: {{ .Values.codimd.noteCreation.freeUrlForbiddenNoteIds | quote }}
- name: CMD_DEFAULT_PERMISSION
value: {{ .Values.codimd.noteCreation.defaultPermission | quote }}
- name: CMD_ALLOW_ANONYMOUS_EDITS
value: {{ .Values.codimd.notePermission.allowAnonymousEdit | quote}}
- name: CMD_ALLOW_ANONYMOUS_VIEWS
value: {{ .Values.codimd.notePermission.allowAnonymousView | quote}}
- name: CMD_ALLOW_PDF_EXPORT
value: {{ .Values.codimd.allowPDFExport | quote }}
{{ if .Values.codimd.markdown.plantUMLServer }}
- name: CMD_PLANTUML_SERVER
value: {{ .Values.codimd.markdown.plantUMLServer }}
{{ end }}
- name: CMD_DEFAULT_USE_HARD_BREAK
value: {{ .Values.codimd.markdown.useHardBreak | quote }}
- name: CMD_LINKIFY_HEADER_STYLE
value: {{ .Values.codimd.markdown.linkifyHeaderStyle | quote }}
- name: CMD_AUTO_VERSION_CHECK
value: {{ .Values.codimd.versionCheck | quote }}
{{ if .Values.codimd.extraEnvironmentVariables }}
{{ range $key, $val := .Values.codimd.extraEnvironmentVariables }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{ end }}
{{ end }}
{{- if .Values.codimd.extraEnvironmentVariablesFrom }}
{{- toYaml .Values.codimd.extraEnvironmentVariablesFrom | nindent 12 }}
{{- end }}
envFrom:
- secretRef:
name: {{ template "codimd.shortName" . }}-auth-env
{{ if .Values.codimd.security.sessionSecret }}
- secretRef:
name: {{ template "codimd.shortName" . }}-session
{{ end }}
{{ if contains "true" (include "codimd.needImageSecret" .) }}
- secretRef:
name: {{ template "codimd.shortName" . }}-image-upload
{{ end }}
ports:
- name: http
containerPort: 3000
{{ if .Values.codimd.imageStorePersistentVolume.enabled }}
volumeMounts:
- mountPath: /home/hackmd/app/public/uploads
name: image-store
{{ end }}
readinessProbe:
httpGet:
port: 3000
path: /status
initialDelaySeconds: 3
failureThreshold: 2
successThreshold: 3
timeoutSeconds: 2
periodSeconds: 5
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 3000
scheme: HTTP
initialDelaySeconds: 3
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
restartPolicy: Always
{{ if .Values.codimd.imageStorePersistentVolume.enabled }}
volumes:
- name: image-store
persistentVolumeClaim:
claimName: {{ template "codimd.fullname" . }}
{{ end }}