deploy-templates/templates/deployment.yaml (97 lines of code) (raw):
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.name }}-deployment
labels:
app: {{ .Values.name }}
version: {{ .Values.version }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Values.name }}
version: {{ .Values.version }}
strategy:
type: RollingUpdate
template:
metadata:
annotations:
sidecar.istio.io/inject: "true"
labels:
app: {{ .Values.name }}
version: {{ .Values.version }}
collect.logs: "json"
spec:
serviceAccountName: {{ .Values.name }}
containers:
- name: {{ .Values.name }}
image: "{{ .Values.image.name }}:{{ .Values.image.version }}"
imagePullPolicy: Always
ports:
- containerPort: {{ .Values.port }}
protocol: TCP
livenessProbe:
httpGet:
path: {{ .Values.probes.liveness.path }}
port: {{ .Values.port }}
failureThreshold: 1
initialDelaySeconds: 180
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: {{ .Values.probes.readiness.path }}
port: {{ .Values.port }}
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 5
{{- if not .Values.global.disableRequestsLimits }}
resources:
limits:
cpu: 400m
memory: 800Mi
requests:
cpu: 400m
memory: 800Mi
{{- end }}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/config.yaml
name: config
readOnly: true
subPath: config.yaml
- name: {{ .Values.keycloak.publicApiClient.secretName }}
mountPath: /app/secrets/public-api-client
readOnly: true
- mountPath: /app/secrets/vaulttoken
name: {{ .Chart.Name }}-gateway-vault-token
readOnly: true
env:
- name: JAVA_OPTS
value: {{ .Values.java.javaOpts }}
initContainers:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: config
configMap:
name: platform-gateway-properties
- name: {{ .Values.keycloak.publicApiClient.secretName }}
secret:
secretName: {{ .Values.keycloak.publicApiClient.secretName }}
items:
- key: clientSecret
path: keycloak.public-api.client-secret
- name: {{ .Chart.Name }}-gateway-vault-token
secret:
secretName: {{ .Values.vault.tokenSecret }}
items:
- key: token
path: vault.token