apiVersion: apps/v1 kind: Deployment metadata: name: {{.Release.Name}}-web namespace: {{.Release.Namespace}} labels: app.kubernetes.io/component: web {{- include "chart.labels" . | nindent 4 }} spec: replicas: {{ .Values.web.replicaCount }} selector: matchLabels: app.kubernetes.io/component: web {{- include "chart.selectorLabels" . | nindent 6 }} template: metadata: labels: app.kubernetes.io/component: web {{- include "chart.labels" . | nindent 8 }} annotations: checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/config-map: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 containers: - name: {{.Release.Name}}-web {{- with .Values.web.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag | default .Chart.AppVersion }}" imagePullPolicy: "{{ .Values.imagePullPolicy | default "Always" }}" ports: - name: web containerPort: {{ .Values.web.service.port }} protocol: TCP {{- with .Values.web.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.web.readinessProbe }} readinessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.web.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: web-uploads mountPath: /app/uploads - name: nginx-config mountPath: /etc/nginx/conf.d readOnly: true volumes: - name: web-uploads persistentVolumeClaim: claimName: {{.Release.Name}}-uploads - name: nginx-config configMap: name: {{.Release.Name}}-nginx-config --- apiVersion: apps/v1 kind: Deployment metadata: name: {{.Release.Name}}-backend namespace: {{.Release.Namespace}} labels: app.kubernetes.io/component: backend {{- include "chart.labels" . | nindent 4 }} spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: backend {{- include "chart.selectorLabels" . | nindent 6 }} template: metadata: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/config-map: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} labels: app.kubernetes.io/component: backend {{- include "chart.labels" . | nindent 8 }} spec: securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 containers: - name: {{.Release.Name}}-backend {{- with .Values.backend.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: "{{ .Values.imagePullPolicy | default "Always" }}" env: - name: UPLOAD_DIR value: /app/uploads - name: SPRING_CONFIG_LOCATION value: /app/applicaton.yml - name: JWT_SECRET valueFrom: secretKeyRef: name: blog-backend key: JWT_SECRET - name: JWT_ISSUER valueFrom: secretKeyRef: name: blog-backend key: JWT_ISSUER - name: JWT_SUBJECT valueFrom: secretKeyRef: name: blog-backend key: JWT_SUBJECT - name: JWT_EXPIRE valueFrom: secretKeyRef: name: blog-backend key: JWT_EXPIRE - name: DB_USER_NAME valueFrom: secretKeyRef: name: blog-backend key: DB_USER_NAME - name: DB_USER_PWD valueFrom: secretKeyRef: name: blog-backend key: DB_USER_PWD - name: MAIL_PORT valueFrom: secretKeyRef: name: blog-backend key: MAIL_PORT - name: MAIL_HOST valueFrom: secretKeyRef: name: blog-backend key: MAIL_HOST - name: MAIL_USERNAME valueFrom: secretKeyRef: name: blog-backend key: MAIL_USERNAME - name: MAIL_USER_PWD valueFrom: secretKeyRef: name: blog-backend key: MAIL_USER_PWD ports: - name: backend containerPort: {{ .Values.backend.service.port }} protocol: TCP {{- with .Values.backend.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.backend.readinessProbe }} readinessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.backend.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: web-uploads mountPath: /app/uploads - name: blog-application mountPath: /app/application.yml subPath: application.yml - name: tmp mountPath: /tmp volumes: - name: web-uploads persistentVolumeClaim: claimName: {{.Release.Name}}-uploads - name: blog-application configMap: name: {{.Release.Name}}-application-config - name: tmp emptyDir: {}