mirror of
https://github.com/penpot/penpot-helm.git
synced 2025-01-03 13:20:14 -05:00
405 lines
18 KiB
YAML
405 lines
18 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "penpot.fullname" . }}-backend
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "penpot.labels" . | nindent 4 }}
|
|
{{- with .Values.backend.deploymentAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
|
|
replicas: {{ .Values.backend.replicaCount }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: penpot-backend
|
|
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
|
|
{{- with .Values.backend.podLabels }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.backend.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.global.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
|
{{- if .Values.backend.podSecurityContext.enabled }}
|
|
securityContext:
|
|
{{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
affinity:
|
|
podAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/instance
|
|
operator: In
|
|
values:
|
|
- {{ .Release.Name }}
|
|
topologyKey: "kubernetes.io/hostname"
|
|
containers:
|
|
- name: {{ .Chart.Name }}-backend
|
|
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
|
|
imagePullPolicy: {{ .Values.backend.image.pullPolicy }}
|
|
{{- if .Values.backend.containerSecurityContext.enabled }}
|
|
securityContext:
|
|
{{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
env:
|
|
# General settings
|
|
- name: PENPOT_PUBLIC_URI
|
|
value: {{ .Values.config.publicUri | quote }}
|
|
- name: PENPOT_FLAGS
|
|
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
|
- name: PENPOT_SECRET_KEY
|
|
value: {{ .Values.config.apiSecretKey | quote }}
|
|
{{- if .Values.config.registrationDomainWhitelist }}
|
|
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
|
value: {{ .Values.config.registrationDomainWhitelist | quote }}
|
|
{{- end }}
|
|
- name: PENPOT_TELEMETRY_ENABLED
|
|
value: {{ .Values.config.telemetryEnabled | quote }}
|
|
# PosgreSQL connection settings
|
|
- name: PENPOT_DATABASE_URI
|
|
{{- if .Values.config.postgresql.host }}
|
|
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
|
|
{{- else }}
|
|
value: {{ print "postgresql://" (include "penpot.fullname" .) "-postgresql:" .Values.config.postgresql.port "/" .Values.config.postgresql.database }}
|
|
{{- end }}
|
|
- name: PENPOT_DATABASE_USERNAME
|
|
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
|
|
value: {{ .Values.config.postgresql.username | quote }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.postgresql.existingSecret }}
|
|
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
|
|
{{- end }}
|
|
- name: PENPOT_DATABASE_PASSWORD
|
|
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
|
|
value: {{ .Values.config.postgresql.password | quote }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.postgresql.existingSecret }}
|
|
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
|
|
{{- end }}
|
|
# Redis connection settings
|
|
- name: PENPOT_REDIS_URI
|
|
{{- if .Values.config.redis.host }}
|
|
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
|
|
{{- else }}
|
|
value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
|
|
{{- end }}
|
|
# Assets storage settings
|
|
- name: PENPOT_ASSETS_STORAGE_BACKEND
|
|
value: {{ .Values.config.assets.storageBackend | quote }}
|
|
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
|
|
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
|
|
value: {{ .Values.config.assets.filesystem.directory | quote }}
|
|
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
|
|
- name: PENPOT_STORAGE_ASSETS_S3_REGION
|
|
value: {{ .Values.config.assets.s3.region | quote }}
|
|
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
|
|
value: {{ .Values.config.assets.s3.bucket | quote }}
|
|
- name: AWS_ACCESS_KEY_ID
|
|
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
|
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
|
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
|
{{- end }}
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
|
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
|
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
|
{{- end }}
|
|
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
|
|
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
|
value: {{ .Values.config.assets.s3.endpointURI | quote }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
|
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# SMTP settings
|
|
{{- if .Values.config.smtp.enabled }}
|
|
{{- if .Values.config.smtp.defaultFrom }}
|
|
- name: PENPOT_SMTP_DEFAULT_FROM
|
|
value: {{ .Values.config.smtp.defaultFrom | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.smtp.defaultReplyTo }}
|
|
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
|
|
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.smtp.host }}
|
|
- name: PENPOT_SMTP_HOST
|
|
value: {{ .Values.config.smtp.host | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.smtp.port }}
|
|
- name: PENPOT_SMTP_PORT
|
|
value: {{ .Values.config.smtp.port | quote }}
|
|
{{- end }}
|
|
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
|
|
- name: PENPOT_SMTP_USERNAME
|
|
value: {{ .Values.config.smtp.username | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_SMTP_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.smtp.existingSecret }}
|
|
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
|
|
{{- end }}
|
|
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
|
|
- name: PENPOT_SMTP_PASSWORD
|
|
value: {{ .Values.config.smtp.password | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_SMTP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.smtp.existingSecret }}
|
|
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
|
|
{{- end }}
|
|
{{- if .Values.config.smtp.tls }}
|
|
- name: PENPOT_SMTP_TLS
|
|
value: {{ .Values.config.smtp.tls | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.smtp.ssl }}
|
|
- name: PENPOT_SMTP_SSL
|
|
value: {{ .Values.config.smtp.ssl | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# Google Auth provider settings
|
|
{{- if .Values.config.providers.google.enabled }}
|
|
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
|
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
|
value: {{ .Values.config.providers.google.clientID | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
|
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
|
value: {{ .Values.config.providers.google.clientSecret | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# Github Auth provider settings
|
|
{{- if .Values.config.providers.github.enabled }}
|
|
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
|
|
- name: PENPOT_GITHUB_CLIENT_ID
|
|
value: {{ .Values.config.providers.github.clientID | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GITHUB_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
|
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
|
value: {{ .Values.config.providers.github.clientSecret | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# Gitlab Auth provider settings
|
|
{{- if .Values.config.providers.gitlab.enabled }}
|
|
{{- if .Values.config.providers.gitlab.baseURI }}
|
|
- name: PENPOT_GITLAB_BASE_URI
|
|
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
|
- name: PENPOT_GITLAB_CLIENT_ID
|
|
value: {{ .Values.config.providers.gitlab.clientID | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GITLAB_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
|
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# OIDC provider settings
|
|
{{- if .Values.config.providers.oidc.enabled }}
|
|
{{- if .Values.config.providers.oidc.baseURI }}
|
|
- name: PENPOT_OIDC_BASE_URI
|
|
value: {{ .Values.config.providers.oidc.baseURI | quote }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
|
|
- name: PENPOT_OIDC_CLIENT_ID
|
|
value: {{ .Values.config.providers.oidc.clientID | quote}}
|
|
{{- else }}
|
|
- name: PENPOT_OIDC_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
|
|
{{- end }}
|
|
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
|
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
|
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
|
|
{{- else }}
|
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.config.providers.existingSecret }}
|
|
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.authURI }}
|
|
- name: PENPOT_OIDC_AUTH_URI
|
|
value: {{ .Values.config.providers.oidc.authURI | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.tokenURI }}
|
|
- name: PENPOT_OIDC_TOKEN_URI
|
|
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.userURI }}
|
|
- name: PENPOT_OIDC_USER_URI
|
|
value: {{ .Values.config.providers.oidc.userURI | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.roles }}
|
|
- name: PENPOT_OIDC_ROLES
|
|
value: {{ .Values.config.providers.oidc.roles | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.rolesAttribute }}
|
|
- name: PENPOT_OIDC_ROLES_ATTR
|
|
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.scopes }}
|
|
- name: PENPOT_OIDC_SCOPES
|
|
value: {{ .Values.config.providers.oidc.scopes | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.nameAttribute }}
|
|
- name: PENPOT_OIDC_NAME_ATTR
|
|
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.emailAttribute }}
|
|
- name: PENPOT_OIDC_EMAIL_ATTR
|
|
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.oidc.userInfoSource }}
|
|
- name: PENPOT_OIDC_USER_INFO_SOURCE
|
|
value: {{ .Values.config.providers.oidc.userInfoSource | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# LDAP provider settings
|
|
{{- if .Values.config.providers.ldap.enabled }}
|
|
{{- if .Values.config.providers.ldap.host }}
|
|
- name: PENPOT_LDAP_HOST
|
|
value: {{ .Values.config.providers.ldap.host | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.port }}
|
|
- name: PENPOT_LDAP_PORT
|
|
value: {{ .Values.config.providers.ldap.port | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.ssl }}
|
|
- name: PENPOT_LDAP_SSL
|
|
value: {{ .Values.config.providers.ldap.ssl | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.startTLS }}
|
|
- name: PENPOT_LDAP_STARTTLS
|
|
value: {{ .Values.config.providers.ldap.startTLS | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.baseDN }}
|
|
- name: PENPOT_LDAP_BASE_DN
|
|
value: {{ .Values.config.providers.ldap.baseDN | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.bindDN }}
|
|
- name: PENPOT_LDAP_BIND_DN
|
|
value: {{ .Values.config.providers.ldap.bindDN | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.bindPassword }}
|
|
- name: PENPOT_LDAP_BIND_PASSWORD
|
|
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.userQuery }}
|
|
- name: PENPOT_LDAP_USER_QUERY
|
|
value: {{ .Values.config.providers.ldap.userQuery | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.attributesUsername }}
|
|
- name: PENPOT_LDAP_ATTRS_USERNAME
|
|
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.attributesEmail }}
|
|
- name: PENPOT_LDAP_ATTRS_EMAIL
|
|
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.attributesFullname }}
|
|
- name: PENPOT_LDAP_ATTRS_FULLNAME
|
|
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
|
|
{{- end }}
|
|
{{- if .Values.config.providers.ldap.attributesPhoto }}
|
|
- name: PENPOT_LDAP_ATTRS_PHOTO
|
|
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- mountPath: /opt/data/assets
|
|
name: app-data
|
|
readOnly: false
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.backend.service.port }}
|
|
protocol: TCP
|
|
resources:
|
|
{{- toYaml .Values.backend.resources | nindent 12 }}
|
|
{{- with .Values.backend.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.backend.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.backend.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: app-data
|
|
{{- if .Values.persistence.assets.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|