rancher-charts/charts/epinio/102.0.3+up1.8.1/templates/ui/deployment.yaml

122 lines
4.0 KiB
YAML

{{- if .Values.epinioUI.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: epinio-ui
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: epinio-ui
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: epinio-ui
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: epinio-ui
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
nodeSelector:
{{- include "linux-node-selector" . | nindent 8 }}
tolerations:
{{- include "linux-node-tolerations" . | nindent 8 }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if .Values.global.rbac.pspEnabled }}
serviceAccountName: epinio-ui
{{- end }}
{{- end }}
containers:
- name: epinio-ui
{{ $epinioUiImage := index .Values "image" "epinio-ui" -}}
image: "{{ default $epinioUiImage.registry (include "registry-url" .) }}{{ $epinioUiImage.repository }}:{{ $epinioUiImage.tag }}"
imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }}
workingDir: /db
env:
- name: ALLOWED_ORIGINS
value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.allowedOrigins }}
- name: EPINIO_API_URL
value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.apiURL }}
- name: EPINIO_WSS_URL
value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioUI.wssURL }}
- name: EPINIO_UI_URL
value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioUI.uiURL }}
- name: EPINIO_API_SKIP_SSL
value: {{ (default "false" .Values.epinioUI.apiSkipSSL) | quote }}
- name: EPINIO_THEME
value: {{ (default "light" .Values.epinioUI.theme) | quote }}
{{- if .Values.global.dex.enabled }}
- name: EPINIO_DEX_AUTH_URL
value: {{ default (printf "http://dex.%s.svc.cluster.local:5556" .Release.Namespace) .Values.epinioUI.dexURL }}
- name: EPINIO_DEX_ISSUER
value: {{ printf "https://auth.%s" .Values.global.domain }}
- name: EPINIO_DEX_ENABLED
value: "true"
- name: EPINIO_DEX_SECRET
valueFrom:
secretKeyRef:
name: dex-config
key: uiClientSecret
{{- end }}
- name: HTTP_CLIENT_TIMEOUT_IN_SECS
value: "120"
- name: SESSION_STORE_SECRET
valueFrom:
secretKeyRef:
name: epinio-ui
key: sessionSecret
- name: SESSION_STORE_EXPIRY
value: "1440"
- name: UI_PATH
value: "/ui"
- name: AUTH_ENDPOINT_TYPE
value: epinio
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: epinio-ui
key: encryptionKey
- name: DATABASE_PROVIDER
value: sqlite
- name: HTTPS
value: "false"
- name: CONSOLE_PROXY_TLS_ADDRESS
value: 0.0.0.0:8000
- name: LOG_LEVEL
value: {{ .Values.epinioUI.logLevel | quote }}
volumeMounts:
- name: tmp
mountPath: /tmp
readOnly: false
- name: db
mountPath: /db
readOnly: false
securityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
livenessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: tmp
emptyDir: {}
- name: db
emptyDir: {}
{{- end }}