apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: {{ .Values.conf.appName | quote }}
name: {{ .Values.conf.appName | quote }}
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app: {{ .Values.conf.appName | quote }}
replicas: 1
template:
metadata:
labels:
app: {{ .Values.conf.appName | quote }}
sidecar.istio.io/inject: {{ .Values.istio.sidecarInject | quote }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
sidecar.istio.io/proxyCPU: {{ .Values.istio.proxyCPU | quote }}
sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
sidecar.istio.io/proxyCPULimit: {{ .Values.istio.proxyCPULimit | quote }}
sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
spec:
containers:
- name: {{ .Values.conf.appName | quote }}
image: {{ .Values.data.image | quote }}
imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
env:
- name: REDIS_GROUP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.conf.indexerRedisSecretName | quote }}
key: REDIS_PASSWORD
- name: REDIS_SEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.conf.indexerRedisSecretName | quote }}
key: REDIS_PASSWORD
envFrom:
- configMapRef:
name: {{ .Values.conf.configmap | quote }}
- secretRef:
name: {{ .Values.conf.elasticSecretName | quote }}
{{- if .Values.global.onPremEnabled }}
- secretRef:
name: {{ .Values.conf.keycloakSecretName | quote }}
- secretRef:
name: {{ .Values.conf.rabbitmqSecretName | quote }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
ports:
- containerPort: 8080
resources:
requests:
cpu: {{ .Values.data.requestsCpu | quote }}
memory: {{ .Values.data.requestsMemory | quote }}
{{- if .Values.global.limitsEnabled }}
limits:
cpu: {{ .Values.data.limitsCpu | quote }}
memory: {{ .Values.data.limitsMemory | quote }}
{{- end }}
serviceAccountName: {{ .Values.data.serviceAccountName | quote }}