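{{- /*
Deployment for the Hemmelig application: one container (named after the chart)
serving HTTP on container port 3000, with a file-backed database at
/app/database/hemmelig.db and an uploads directory, each on its own volume.

Secrets: BETTER_AUTH_SECRET and the OAuth provider credentials are injected by
this template with secretKeyRef only. They are read from .Values.existingSecret
when it is set, otherwise from the Secret named by "hemmelig.fullname"
(presumably rendered by another template of this chart - confirm).

NOTE(review): this template sets no pod- or container-level securityContext, so
the container runs with whatever the image and the cluster default to. Consider
exposing one through values and documenting a hardened default.
NOTE(review): the database is a single file and the strategy is Recreate, which
suggests a single-replica design; replicaCount above 1 is not guarded here.
*/ -}}
{{- /*
Name of the Secret every secretKeyRef below points at. Computed once so the
"existing secret" and "chart-managed secret" cases cannot drift apart.
*/ -}}
{{- $secretName := .Values.existingSecret | default (include "hemmelig.fullname" .) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "hemmelig.fullname" . }}
  labels:
    {{- include "hemmelig.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "hemmelig.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "hemmelig.labels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "hemmelig.serviceAccountName" . }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
          env:
            - name: NODE_ENV
              value: "production"
            - name: DATABASE_URL
              value: "file:/app/database/hemmelig.db"
            {{- if .Values.config.betterAuthUrl }}
            - name: BETTER_AUTH_URL
              value: {{ .Values.config.betterAuthUrl | quote }}
            {{- end }}
            {{- if .Values.config.baseUrl }}
            - name: HEMMELIG_BASE_URL
              value: {{ .Values.config.baseUrl | quote }}
            {{- end }}
            {{- /*
            BETTER_AUTH_SECRET is set only when a Secret can hold it: an existing
            Secret was named, or config.betterAuthSecret was supplied for the
            chart-managed one. With neither, the variable is left unset.
            */}}
            {{- if or .Values.existingSecret .Values.config.betterAuthSecret }}
            - name: BETTER_AUTH_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: BETTER_AUTH_SECRET
            {{- end }}
            {{- /*
            OAuth provider credentials, rendered only for enabled providers.
            A key without "optional: true" must exist in the Secret, otherwise
            the container cannot be created.
            */}}
            {{- if .Values.oauth.github.enabled }}
            - name: HEMMELIG_AUTH_GITHUB_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GITHUB_ID
            - name: HEMMELIG_AUTH_GITHUB_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GITHUB_SECRET
            {{- end }}
            {{- if .Values.oauth.google.enabled }}
            - name: HEMMELIG_AUTH_GOOGLE_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GOOGLE_ID
            - name: HEMMELIG_AUTH_GOOGLE_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GOOGLE_SECRET
            {{- end }}
            {{- if .Values.oauth.microsoft.enabled }}
            - name: HEMMELIG_AUTH_MICROSOFT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_MICROSOFT_ID
            - name: HEMMELIG_AUTH_MICROSOFT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_MICROSOFT_SECRET
            - name: HEMMELIG_AUTH_MICROSOFT_TENANT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_MICROSOFT_TENANT_ID
                  optional: true
            {{- end }}
            {{- if .Values.oauth.discord.enabled }}
            - name: HEMMELIG_AUTH_DISCORD_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_DISCORD_ID
            - name: HEMMELIG_AUTH_DISCORD_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_DISCORD_SECRET
            {{- end }}
            {{- if .Values.oauth.gitlab.enabled }}
            - name: HEMMELIG_AUTH_GITLAB_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GITLAB_ID
            - name: HEMMELIG_AUTH_GITLAB_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GITLAB_SECRET
            - name: HEMMELIG_AUTH_GITLAB_ISSUER
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GITLAB_ISSUER
                  optional: true
            {{- end }}
            {{- if .Values.oauth.apple.enabled }}
            - name: HEMMELIG_AUTH_APPLE_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_APPLE_ID
            - name: HEMMELIG_AUTH_APPLE_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_APPLE_SECRET
            {{- end }}
            {{- if .Values.oauth.twitter.enabled }}
            - name: HEMMELIG_AUTH_TWITTER_ID
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_TWITTER_ID
            - name: HEMMELIG_AUTH_TWITTER_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_TWITTER_SECRET
            {{- end }}
            {{- if .Values.oauth.generic }}
            - name: HEMMELIG_AUTH_GENERIC_OAUTH
              valueFrom:
                secretKeyRef:
                  name: {{ $secretName | quote }}
                  key: HEMMELIG_AUTH_GENERIC_OAUTH
            {{- end }}
            {{- /*
            User-supplied entries are appended verbatim after the chart-defined
            ones. A plain "value:" entry is stored in clear text in the
            Deployment object; use valueFrom.secretKeyRef for anything sensitive.
            */}}
            {{- with .Values.env }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: data
              mountPath: /app/database
            - name: uploads
              mountPath: /app/uploads
          livenessProbe:
            {{- toYaml .Values.livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .Values.readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- /*
      Each volume is a PersistentVolumeClaim when persistence is enabled (an
      existing claim, or "<fullname>-data" / "<fullname>-uploads"), else an
      emptyDir. An emptyDir is deleted with the pod, so with persistence
      disabled the database and uploads are lost on every rollout or reschedule.
      */}}
      volumes:
        - name: data
          {{- if .Values.persistence.data.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.data.existingClaim | default (printf "%s-data" (include "hemmelig.fullname" .)) | quote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: uploads
          {{- if .Values.persistence.uploads.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.uploads.existingClaim | default (printf "%s-uploads" (include "hemmelig.fullname" .)) | quote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}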