rancher-charts/charts/epinio/102.0.3+up1.8.1/templates/ui/deployment.yaml

{{- if .Values.epinioUI.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: epinio-ui
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: epinio-ui
    app.kubernetes.io/instance: {{ .Release.Name }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: epinio-ui
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: epinio-ui
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      nodeSelector:
        {{- include "linux-node-selector" . | nindent 8 }}
      tolerations:
        {{- include "linux-node-tolerations" . | nindent 8 }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if .Values.global.rbac.pspEnabled }}
      serviceAccountName: epinio-ui
{{- end }}
{{- end }}
      containers:
      - name: epinio-ui
        {{ $epinioUiImage := index .Values "image" "epinio-ui" -}}
        image: "{{ default $epinioUiImage.registry (include "registry-url" .) }}{{ $epinioUiImage.repository }}:{{ $epinioUiImage.tag }}"
        imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }}
        workingDir: /db

        env:
        - name: ALLOWED_ORIGINS
          value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.allowedOrigins }}
        - name: EPINIO_API_URL
          value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.apiURL }}
        - name: EPINIO_WSS_URL
          value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.wssURL }}
        - name: EPINIO_UI_URL
          value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.uiURL }}
        - name: EPINIO_API_SKIP_SSL
          value: {{ (default "false" .Values.epinioUI.apiSkipSSL) | quote }}
        - name: EPINIO_THEME
          value: {{ (default "light" .Values.epinioUI.theme) | quote }}
        {{- if .Values.global.dex.enabled }}
        - name: EPINIO_DEX_AUTH_URL
          value: {{ default (printf "http://dex.%s.svc.cluster.local:5556" .Release.Namespace) .Values.epinioUI.dexURL }}
        - name: EPINIO_DEX_ISSUER
          value: {{ printf "https://auth.%s" .Values.global.domain }}
        - name: EPINIO_DEX_ENABLED
          value: "true"
        - name: EPINIO_DEX_SECRET
          valueFrom:
            secretKeyRef:
              name: dex-config
              key: uiClientSecret
        {{- end }}
        - name: HTTP_CLIENT_TIMEOUT_IN_SECS
          value: "120"
        - name: SESSION_STORE_SECRET
          valueFrom:
            secretKeyRef:
              name: epinio-ui
              key: sessionSecret
        - name: SESSION_STORE_EXPIRY
          value: "1440"
        - name: UI_PATH
          value: "/ui"
        - name: AUTH_ENDPOINT_TYPE
          value: epinio
        - name: ENCRYPTION_KEY
          valueFrom:
            secretKeyRef:
              name: epinio-ui
              key: encryptionKey

        - name: DATABASE_PROVIDER
          value: sqlite
        - name: HTTPS
          value: "false"
        - name: CONSOLE_PROXY_TLS_ADDRESS
          value: 0.0.0.0:8000
        - name: LOG_LEVEL
          value: {{ .Values.epinioUI.logLevel | quote }}
        volumeMounts:
          - name: tmp
            mountPath: /tmp
            readOnly: false
          - name: db
            mountPath: /db
            readOnly: false

        securityContext:
          runAsUser: 1000
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
        livenessProbe:
          tcpSocket:
            port: 8000
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          tcpSocket:
            port: 8000
          initialDelaySeconds: 5
          periodSeconds: 5
      volumes:
        - name: tmp
          emptyDir: {}
        - name: db
          emptyDir: {}

{{- end }}
make charts, release.yaml 2023-06-13 08:32:16 +00:00			`{{- if .Values.epinioUI.enabled }}`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: epinio-ui`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app.kubernetes.io/name: epinio-ui`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app.kubernetes.io/name: epinio-ui`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`template:`
			`metadata:`
			`labels:`
			`app.kubernetes.io/name: epinio-ui`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`spec:`
			`nodeSelector:`
			`{{- include "linux-node-selector" . \| nindent 8 }}`
			`tolerations:`
			`{{- include "linux-node-tolerations" . \| nindent 8 }}`
			`{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`
			`{{- if .Values.global.rbac.pspEnabled }}`
			`serviceAccountName: epinio-ui`
			`{{- end }}`
			`{{- end }}`
			`containers:`
			`- name: epinio-ui`
			`{{ $epinioUiImage := index .Values "image" "epinio-ui" -}}`
			`image: "{{ default $epinioUiImage.registry (include "registry-url" .) }}{{ $epinioUiImage.repository }}:{{ $epinioUiImage.tag }}"`
			`imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }}`
			`workingDir: /db`

			`env:`
			`- name: ALLOWED_ORIGINS`
			`value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.allowedOrigins }}`
			`- name: EPINIO_API_URL`
			`value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.apiURL }}`
			`- name: EPINIO_WSS_URL`
			`value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.wssURL }}`
			`- name: EPINIO_UI_URL`
			`value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.uiURL }}`
			`- name: EPINIO_API_SKIP_SSL`
			`value: {{ (default "false" .Values.epinioUI.apiSkipSSL) \| quote }}`
			`- name: EPINIO_THEME`
			`value: {{ (default "light" .Values.epinioUI.theme) \| quote }}`
			`{{- if .Values.global.dex.enabled }}`
			`- name: EPINIO_DEX_AUTH_URL`
			`value: {{ default (printf "http://dex.%s.svc.cluster.local:5556" .Release.Namespace) .Values.epinioUI.dexURL }}`
			`- name: EPINIO_DEX_ISSUER`
			`value: {{ printf "https://auth.%s" .Values.global.domain }}`
			`- name: EPINIO_DEX_ENABLED`
			`value: "true"`
			`- name: EPINIO_DEX_SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: dex-config`
			`key: uiClientSecret`
			`{{- end }}`
			`- name: HTTP_CLIENT_TIMEOUT_IN_SECS`
			`value: "120"`
			`- name: SESSION_STORE_SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: epinio-ui`
			`key: sessionSecret`
			`- name: SESSION_STORE_EXPIRY`
			`value: "1440"`
			`- name: UI_PATH`
			`value: "/ui"`
			`- name: AUTH_ENDPOINT_TYPE`
			`value: epinio`
			`- name: ENCRYPTION_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: epinio-ui`
			`key: encryptionKey`

			`- name: DATABASE_PROVIDER`
			`value: sqlite`
			`- name: HTTPS`
			`value: "false"`
			`- name: CONSOLE_PROXY_TLS_ADDRESS`
			`value: 0.0.0.0:8000`
			`- name: LOG_LEVEL`
			`value: {{ .Values.epinioUI.logLevel \| quote }}`
			`volumeMounts:`
			`- name: tmp`
			`mountPath: /tmp`
			`readOnly: false`
			`- name: db`
			`mountPath: /db`
			`readOnly: false`

			`securityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`livenessProbe:`
			`tcpSocket:`
			`port: 8000`
			`initialDelaySeconds: 15`
			`periodSeconds: 20`
			`readinessProbe:`
			`tcpSocket:`
			`port: 8000`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`volumes:`
			`- name: tmp`
			`emptyDir: {}`
			`- name: db`
			`emptyDir: {}`

			`{{- end }}`