303 lines
15 KiB
YAML
303 lines
15 KiB
YAML
{{- /*
|
|
Copyright VMware, Inc.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{- if include "ghost.host" . -}}
|
|
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "common.names.fullname" . }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
app.kubernetes.io/component: ghost
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.service.annotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
selector:
|
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
|
|
template:
|
|
metadata:
|
|
labels: {{- include "common.labels.standard" . | nindent 8 }}
|
|
app.kubernetes.io/component: ghost
|
|
{{- if .Values.podLabels }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
annotations:
|
|
{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }}
|
|
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
|
|
{{- end }}
|
|
{{- if .Values.podAnnotations }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- include "ghost.imagePullSecrets" . | nindent 6 }}
|
|
{{- if .Values.hostAliases }}
|
|
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.affinity }}
|
|
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
|
|
{{- else }}
|
|
affinity:
|
|
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
|
|
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
|
|
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.nodeSelector }}
|
|
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.tolerations }}
|
|
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.priorityClassName }}
|
|
priorityClassName: {{ .Values.priorityClassName | quote }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "ghost.serviceAccountName" . }}
|
|
{{- if .Values.schedulerName }}
|
|
schedulerName: {{ .Values.schedulerName }}
|
|
{{- end }}
|
|
{{- if .Values.topologySpreadConstraints }}
|
|
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.podSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
{{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }}
|
|
initContainers:
|
|
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
|
- name: volume-permissions
|
|
image: {{ include "ghost.volumePermissions.image" . }}
|
|
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
|
command:
|
|
- /bin/bash
|
|
args:
|
|
- -ec
|
|
- |
|
|
mkdir -p /bitnami/ghost
|
|
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" /bitnami/ghost
|
|
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
|
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
|
|
{{- else }}
|
|
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.volumePermissions.resources }}
|
|
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: ghost-data
|
|
mountPath: /bitnami/ghost
|
|
{{- if .Values.persistence.subPath }}
|
|
subPath: {{ .Values.persistence.subPath }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.initContainers }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ include "common.names.fullname" . }}
|
|
image: {{ include "ghost.image" . }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
|
{{- if .Values.containerSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.lifecycleHooks }}
|
|
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.command }}
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.args }}
|
|
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
env:
|
|
- name: BITNAMI_DEBUG
|
|
value: {{ ternary "true" "false" .Values.image.debug | quote }}
|
|
- name: ALLOW_EMPTY_PASSWORD
|
|
value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }}
|
|
- name: GHOST_DATABASE_HOST
|
|
value: {{ include "ghost.databaseHost" . | quote }}
|
|
- name: GHOST_DATABASE_PORT_NUMBER
|
|
value: {{ include "ghost.databasePort" . | quote }}
|
|
- name: GHOST_DATABASE_NAME
|
|
value: {{ include "ghost.databaseName" . | quote }}
|
|
- name: GHOST_DATABASE_USER
|
|
value: {{ include "ghost.databaseUser" . | quote }}
|
|
- name: GHOST_DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "ghost.databaseSecretName" . }}
|
|
key: mysql-password
|
|
{{- if (and (not .Values.mysql.enabled) .Values.externalDatabase.ssl) }}
|
|
- name: GHOST_DATABASE_ENABLE_SSL
|
|
value: {{ .Values.externalDatabase.ssl | quote }}
|
|
- name: MYSQL_CLIENT_ENABLE_SSL
|
|
value: {{ ternary "yes" "no" .Values.externalDatabase.ssl | quote }}
|
|
- name: GHOST_DATABASE_SSL_CA_FILE
|
|
value: {{ .Values.externalDatabase.sslCaFile | quote }}
|
|
{{- end }}
|
|
- name: GHOST_HOST
|
|
value: {{ include "ghost.host" . | quote }}
|
|
- name: GHOST_PORT_NUMBER
|
|
value: {{ ternary .Values.containerPorts.https .Values.containerPorts.http .Values.ghostEnableHttps | quote }}
|
|
- name: GHOST_USERNAME
|
|
value: {{ .Values.ghostUsername | quote }}
|
|
- name: GHOST_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
|
|
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "ghost-password") }}
|
|
- name: GHOST_EMAIL
|
|
value: {{ .Values.ghostEmail | quote }}
|
|
- name: GHOST_BLOG_TITLE
|
|
value: {{ .Values.ghostBlogTitle | quote }}
|
|
- name: GHOST_ENABLE_HTTPS
|
|
value: {{ ternary "yes" "no" .Values.ghostEnableHttps | quote }}
|
|
- name: GHOST_EXTERNAL_HTTP_PORT_NUMBER
|
|
value: {{ coalesce .Values.service.ports.http .Values.service.port| quote }}
|
|
- name: GHOST_EXTERNAL_HTTPS_PORT_NUMBER
|
|
value: {{ coalesce .Values.service.ports.https .Values.service.httpsPort| quote }}
|
|
- name: GHOST_SKIP_BOOTSTRAP
|
|
value: {{ ternary "yes" "no" .Values.ghostSkipInstall | quote }}
|
|
{{- if .Values.smtpHost }}
|
|
- name: GHOST_SMTP_HOST
|
|
value: {{ .Values.smtpHost | quote }}
|
|
{{- end }}
|
|
{{- if .Values.smtpPort }}
|
|
- name: GHOST_SMTP_PORT
|
|
value: {{ .Values.smtpPort | quote }}
|
|
{{- end }}
|
|
{{- if .Values.smtpUser }}
|
|
- name: GHOST_SMTP_USER
|
|
value: {{ .Values.smtpUser | quote }}
|
|
{{- end }}
|
|
{{- if .Values.smtpPassword }}
|
|
- name: GHOST_SMTP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
|
|
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "smtp-password") }}
|
|
{{- end }}
|
|
{{- if .Values.smtpService }}
|
|
- name: GHOST_SMTP_SERVICE
|
|
value: {{ .Values.smtpService | quote }}
|
|
{{- end }}
|
|
{{- if .Values.smtpProtocol }}
|
|
- name: GHOST_SMTP_PROTOCOL
|
|
value: {{ .Values.smtpProtocol | quote }}
|
|
{{- end }}
|
|
{{- if .Values.extraEnvVars }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
|
|
envFrom:
|
|
{{- if .Values.extraEnvVarsCM }}
|
|
- configMapRef:
|
|
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
|
|
{{- end }}
|
|
{{- if .Values.extraEnvVarsSecret }}
|
|
- secretRef:
|
|
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
|
|
{{- end }}
|
|
{{- end }}
|
|
ports:
|
|
{{- if .Values.ghostEnableHttps }}
|
|
- name: https
|
|
containerPort: {{ .Values.containerPorts.https }}
|
|
protocol: TCP
|
|
{{- else }}
|
|
- name: http
|
|
containerPort: {{ .Values.containerPorts.http }}
|
|
protocol: TCP
|
|
{{- end }}
|
|
{{- if .Values.customStartupProbe }}
|
|
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.startupProbe.enabled }}
|
|
startupProbe:
|
|
httpGet:
|
|
path: /
|
|
port: {{ ternary "https" "http" .Values.ghostEnableHttps | quote }}
|
|
scheme: HTTP
|
|
{{- if .Values.ghostEnableHttps }}
|
|
httpHeaders:
|
|
- name: x-forwarded-proto
|
|
value: https
|
|
{{- end }}
|
|
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
|
|
successThreshold: {{ .Values.startupProbe.successThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.customLivenessProbe }}
|
|
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.livenessProbe.enabled }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: {{ ternary "https" "http" .Values.ghostEnableHttps | quote }}
|
|
scheme: HTTP
|
|
{{- if .Values.ghostEnableHttps }}
|
|
httpHeaders:
|
|
- name: x-forwarded-proto
|
|
value: https
|
|
{{- end }}
|
|
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
|
|
successThreshold: {{ .Values.livenessProbe.successThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.customReadinessProbe }}
|
|
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.readinessProbe.enabled }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: {{ ternary "https" "http" .Values.ghostEnableHttps | quote }}
|
|
scheme: HTTP
|
|
{{- if .Values.ghostEnableHttps }}
|
|
httpHeaders:
|
|
- name: x-forwarded-proto
|
|
value: https
|
|
{{- end }}
|
|
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
|
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.resources }}
|
|
resources: {{- toYaml .Values.resources | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: ghost-data
|
|
mountPath: /bitnami/ghost
|
|
{{- if .Values.persistence.subPath }}
|
|
subPath: {{ .Values.persistence.subPath }}
|
|
{{- end }}
|
|
{{- if .Values.extraVolumeMounts }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.sidecars }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: ghost-data
|
|
{{- if .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if .Values.extraVolumes }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- end -}}
|