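{{- /*
Deployment for the Semaphore UI server.

The pod template renders:
  - an optional init container "custom-ca-bundle" (customCertificates.enabled)
    that copies the image's CA bundle into an emptyDir and appends the
    operator-supplied certificate to it;
  - an optional init container "admin" (admin.create) that adds the admin user
    when `semaphore user get` does not find it;
  - the main container, configured through SEMAPHORE_* environment variables.

The checksum/* pod annotations hash the rendered ConfigMap and the
chart-managed Secrets, so a change to any of them changes the pod template.
Secrets supplied through an existingSecret value are not hashed here, so
rotating one of those does not by itself change the pod template.
*/ -}}
apiVersion: apps/v1
kind: Deployment

metadata:
  name: {{ include "semaphoreui.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "semaphoreui.labels" . | nindent 4 }}
  {{- /* NOTE(review): this reads the singular key "annotation", while the pod template below reads "annotations"; confirm against values.yaml that both keys are intended. */}}
  {{- with .Values.annotation }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}

spec:
  replicas: {{ .Values.replicaCount }}
  {{- if .Values.updateStrategy }}

  strategy:
    {{ toYaml .Values.updateStrategy | nindent 4 }}
  {{- end }}

  selector:
    matchLabels:
      {{- include "semaphoreui.selectorLabels" . | nindent 6 }}

  template:
    metadata:
      labels:
        {{- include "semaphoreui.labels" . | nindent 8 }}
      annotations:
        checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- if and (not .Values.admin.existingSecret) (.Values.admin.create) }}
        checksum/secret-admin: {{ (include (print $.Template.BasePath "/secret-admin.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if and (not .Values.database.existingSecret) (ne .Values.database.type "bolt") }}
        checksum/secret-database: {{ (include (print $.Template.BasePath "/secret-database.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if and (not .Values.email.existingSecret) (.Values.email.alert) }}
        checksum/secret-email: {{ (include (print $.Template.BasePath "/secret-email.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if not .Values.secrets.existingSecret }}
        checksum/secret-general: {{ (include (print $.Template.BasePath "/secret-general.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if and (not .Values.ldap.existingSecret) (.Values.ldap.enable) }}
        checksum/secret-ldap: {{ (include (print $.Template.BasePath "/secret-ldap.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if not .Values.runner.existingSecret }}
        checksum/secret-runner: {{ (include (print $.Template.BasePath "/secret-runner.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if and (not .Values.slack.existingSecret) (.Values.slack.alert) }}
        checksum/secret-slack: {{ (include (print $.Template.BasePath "/secret-slack.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if and (not .Values.telegram.existingSecret) (.Values.telegram.alert) }}
        checksum/secret-telegram: {{ (include (print $.Template.BasePath "/secret-telegram.yaml") . | fromYaml).data | toYaml | sha256sum }}
        {{- end }}
        {{- if .Values.annotations }}
        {{- toYaml .Values.annotations | nindent 8 }}
        {{- end }}

    spec:
      {{- if .Values.dnsConfig }}
      dnsConfig:
        {{- toYaml .Values.dnsConfig | nindent 8 }}

      {{- end }}
      {{- /* NOTE(review): automountServiceAccountToken is not set in this template; if the application does not call the Kubernetes API, confirm whether the token mount is disabled on the ServiceAccount instead. */}}
      serviceAccountName: {{ include "semaphoreui.serviceAccountName" . }}
      {{- if .Values.image.pullSecrets }}

      imagePullSecrets:
        {{- range .Values.image.pullSecrets }}
        - name: {{ . }}
        {{- end }}
      {{- end }}
      {{- /*
      Naming caveat: values.securityContext is rendered at POD level here, and
      values.podSecurityContext is rendered at CONTAINER level further down.
      Pod-only fields (for example fsGroup) belong in the former, container-only
      fields (for example allowPrivilegeEscalation, readOnlyRootFilesystem,
      capabilities) in the latter. NOTE(review): confirm values.yaml documents this.
      */}}
      {{- with .Values.securityContext }}

      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if or .Values.admin.create .Values.extraInitContainers .Values.customCertificates.enabled }}

      initContainers:
        {{- /*
        custom-ca-bundle: builds /work/ca-certificates.crt from the image's own
        bundle plus the file named by customCertificates.key. Every certificate
        in that file becomes a trusted root for the containers that mount the
        bundle, so the source Secret or ConfigMap should be write-restricted.
        The image is referenced by tag, not by digest.
        */}}
        {{- if .Values.customCertificates.enabled }}
        - name: custom-ca-bundle
          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.podSecurityContext }}

          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}

          command:
            - sh
            - -c
            - |
              set -e
              cp /etc/ssl/certs/ca-certificates.crt /work/ca-certificates.crt
              printf '\n' >> /work/ca-certificates.crt
              cat "/custom-ca/{{ .Values.customCertificates.key }}" >> /work/ca-certificates.crt

          volumeMounts:
            - name: custom-ca-src
              mountPath: /custom-ca
              readOnly: true
            - name: custom-ca-bundle
              mountPath: /work
        {{- end }}
        {{- /*
        admin: creates the admin account on first start. The SEMAPHORE_ADMIN_*
        values are read as quoted shell expansions. The Kubernetes
        dollar-parenthesis reference form is substituted into the script text
        by the kubelet before sh parses it, so a name or password containing
        whitespace or shell metacharacters would be parsed as shell syntax.
        The password is still handed to the semaphore CLI as an argument.

        The env list mirrors the main container's with two visible differences:
        it also sets SEMAPHORE_SSH_PATH, and it reads database.options directly
        instead of going through the semaphoreui.databaseOptions helper.
        NOTE(review): confirm both differences are intended.
        */}}
        {{- if .Values.admin.create }}
        - name: admin
          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.podSecurityContext }}

          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}

          command:
            - sh
            - -c
            - |
              if ! semaphore user get --config=/etc/semaphore/config.json --login "${SEMAPHORE_ADMIN_USERNAME}" >/dev/null; then
                semaphore user add \
                  --config=/etc/semaphore/config.json \
                  --admin \
                  --name="${SEMAPHORE_ADMIN_FULLNAME}" \
                  --login="${SEMAPHORE_ADMIN_USERNAME}" \
                  --password="${SEMAPHORE_ADMIN_PASSWORD}" \
                  --email="${SEMAPHORE_ADMIN_EMAIL}"
              else
                echo "Admin already extists"
              fi

          env:
            - name: SEMAPHORE_ADMIN_FULLNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.admin.fullnameKey }}
            - name: SEMAPHORE_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.admin.usernameKey }}
            - name: SEMAPHORE_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.admin.passwordKey }}
            - name: SEMAPHORE_ADMIN_EMAIL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.admin.emailKey }}
            - name: SEMAPHORE_PORT
              value: {{ .Values.service.internalPort | quote }}
            {{- if not (empty .Values.general.host) }}
            - name: SEMAPHORE_WEB_ROOT
              value: {{ .Values.general.host | quote }}
            {{- end }}
            - name: SEMAPHORE_GIT_CLIENT
              value: {{ .Values.general.gitClient | quote }}
            - name: SEMAPHORE_TMP_PATH
              value: {{ .Values.general.tmpPath | quote }}
            - name: SEMAPHORE_SSH_PATH
              value: {{ .Values.general.sshConfigPath | quote }}
            - name: SEMAPHORE_MAX_PARALLEL_TASKS
              value: {{ .Values.general.maxParallelTasks | quote }}
            - name: SEMAPHORE_PASSWORD_LOGIN_DISABLED
              value: {{ .Values.general.passwordLoginDisable | quote }}
            - name: SEMAPHORE_NON_ADMIN_CAN_CREATE_PROJECT
              value: {{ .Values.general.nonAdminCanCreateProject | quote }}
            - name: SEMAPHORE_USE_REMOTE_RUNNER
              value: {{ .Values.general.useRemoteRunner | quote }}
            - name: SEMAPHORE_DB_DIALECT
              value: {{ .Values.database.type | quote }}
            {{- if eq .Values.database.type "bolt" }}
            - name: SEMAPHORE_DB_HOST
              value: {{ .Values.database.path | quote }}
            {{- else }}
            - name: SEMAPHORE_DB_HOST
              value: {{ .Values.database.host | quote }}
            - name: SEMAPHORE_DB_PORT
              value: {{ .Values.database.port | quote }}
            - name: SEMAPHORE_DB
              value: {{ .Values.database.name | quote }}
            {{- if .Values.database.usernameFromSecret }}
            - name: SEMAPHORE_DB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.database.usernameKey }}
            {{- else }}
            - name: SEMAPHORE_DB_USER
              value: {{ .Values.database.username | quote }}
            {{- end }}
            - name: SEMAPHORE_DB_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.database.passwordKey }}
            {{- end }}
            {{- if .Values.database.options }}
            - name: SEMAPHORE_DB_OPTIONS
              value: {{ .Values.database.options | toJson | quote }}
            {{- end }}
            - name: SEMAPHORE_LDAP_ENABLE
              value: {{ .Values.ldap.enable | quote }}
            {{- if .Values.ldap.enable }}
            - name: SEMAPHORE_LDAP_SERVER
              value: {{ .Values.ldap.server | quote }}
            - name: SEMAPHORE_LDAP_NEEDTLS
              value: {{ .Values.ldap.needtls | quote }}
            - name: SEMAPHORE_LDAP_SEARCH_DN
              value: {{ .Values.ldap.searchdn | quote }}
            - name: SEMAPHORE_LDAP_SEARCH_FILTER
              value: {{ .Values.ldap.filter | quote }}
            - name: SEMAPHORE_LDAP_BIND_DN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.ldap.binddnKey }}
            - name: SEMAPHORE_LDAP_BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.ldap.passwordKey }}
            {{- end }}
            - name: SEMAPHORE_EMAIL_ALERT
              value: {{ .Values.email.alert | quote }}
            {{- if .Values.email.alert }}
            - name: SEMAPHORE_EMAIL_SENDER
              value: {{ .Values.email.sender | quote }}
            - name: SEMAPHORE_EMAIL_HOST
              value: {{ .Values.email.host | quote }}
            - name: SEMAPHORE_EMAIL_PORT
              value: {{ .Values.email.port | quote }}
            - name: SEMAPHORE_EMAIL_SECURE
              value: {{ .Values.email.secure | quote }}
            - name: SEMAPHORE_EMAIL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.email.usernameKey }}
            - name: SEMAPHORE_EMAIL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.email.passwordKey }}
            {{- end }}
            - name: SEMAPHORE_TELEGRAM_ALERT
              value: {{ .Values.telegram.alert | quote }}
            {{- if .Values.telegram.alert }}
            - name: SEMAPHORE_TELEGRAM_CHAT
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.telegram.chatKey }}
            - name: SEMAPHORE_TELEGRAM_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.telegram.tokenKey }}
            {{- end }}
            - name: SEMAPHORE_SLACK_ALERT
              value: {{ .Values.slack.alert | quote }}
            {{- if .Values.slack.alert }}
            - name: SEMAPHORE_SLACK_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.slack.existingSecret | default (printf "%s-slack" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.slack.urlKey }}
            {{- end }}
            - name: SEMAPHORE_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.runner.existingSecret | default (printf "%s-runner" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.runner.tokenKey }}
            - name: SEMAPHORE_COOKIE_HASH
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.cookieHashKey }}
            - name: SEMAPHORE_COOKIE_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.cookieEncryptionKey }}
            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.accesskeyEncryptionKey }}
            {{- if .Values.customCertificates.enabled }}
            - name: SSL_CERT_FILE
              value: {{ .Values.customCertificates.mountPath | quote }}
            - name: REQUESTS_CA_BUNDLE
              value: {{ .Values.customCertificates.mountPath | quote }}
            - name: GIT_SSL_CAINFO
              value: {{ .Values.customCertificates.mountPath | quote }}
            {{- end }}
            {{- /* extraEnvVariables are stored in clear text in the pod spec; sensitive values belong in extraEnvSecrets. The value goes through quote so embedded double quotes or backslashes cannot break the rendered YAML. */}}
            {{- if or .Values.extraEnvSecrets .Values.extraEnvVariables }}
            {{- range $key, $value := .Values.extraEnvSecrets }}
            - name: {{ $key }}
              valueFrom:
                secretKeyRef:
                  name: {{ required "Must specify secret!" $value.secret }}
                  key: {{ required "Must specify key!" $value.key }}
            {{- end }}
            {{- range $key, $value := .Values.extraEnvVariables }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
          {{- if or .Values.envFromSecrets .Values.envFromConfigMaps }}

          envFrom:
            {{- range $name := .Values.envFromSecrets }}
            - secretRef:
                name: {{ $name }}
            {{- end }}
            {{- range $name := .Values.envFromConfigMaps }}
            - configMapRef:
                name: {{ $name }}
            {{- end }}
          {{- end }}
          {{- if .Values.resources }}

          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}

          volumeMounts:
            - name: config
              mountPath: /etc/semaphore/config.json
              subPath: config.json
            {{- if .Values.customCertificates.enabled }}
            - name: custom-ca-bundle
              mountPath: {{ .Values.customCertificates.mountPath | quote }}
              subPath: ca-certificates.crt
              readOnly: true
            {{- end }}
            - name: workdir
              mountPath: {{ .Values.general.tmpPath }}
            {{- if eq .Values.database.type "bolt" }}
            - name: boltdb
              mountPath: {{ .Values.database.path | dir }}
            {{- end }}
            {{- if .Values.general.additionalPythonPackages }}
            - name: config
              mountPath: /etc/semaphore/requirements.txt
              subPath: requirements.txt
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
            {{- end }}
        {{- end }}
        {{- /* extraInitContainers is rendered verbatim; the chart applies no securityContext or resource defaults to these entries. */}}
        {{- if .Values.extraInitContainers }}
        {{- toYaml .Values.extraInitContainers | nindent 8 }}
        {{- end }}
      {{- end }}

      containers:
        {{- /* Main Semaphore container. The image is referenced by tag (default: "v" plus the chart appVersion), not by digest. */}}
        - name: {{ .Chart.Name }}
          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.podSecurityContext }}

          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}

          env:
            - name: SEMAPHORE_PORT
              value: {{ .Values.service.internalPort | quote }}
            {{- if not (empty .Values.general.host) }}
            - name: SEMAPHORE_WEB_ROOT
              value: {{ .Values.general.host | quote }}
            {{- end }}
            - name: SEMAPHORE_GIT_CLIENT
              value: {{ .Values.general.gitClient | quote }}
            - name: SEMAPHORE_TMP_PATH
              value: {{ .Values.general.tmpPath | quote }}
            - name: SEMAPHORE_MAX_PARALLEL_TASKS
              value: {{ .Values.general.maxParallelTasks | quote }}
            - name: SEMAPHORE_PASSWORD_LOGIN_DISABLED
              value: {{ .Values.general.passwordLoginDisable | quote }}
            - name: SEMAPHORE_NON_ADMIN_CAN_CREATE_PROJECT
              value: {{ .Values.general.nonAdminCanCreateProject | quote }}
            - name: SEMAPHORE_USE_REMOTE_RUNNER
              value: {{ .Values.general.useRemoteRunner | quote }}
            - name: SEMAPHORE_DB_DIALECT
              value: {{ .Values.database.type | quote }}
            {{- if eq .Values.database.type "bolt" }}
            - name: SEMAPHORE_DB_HOST
              value: {{ .Values.database.path | quote }}
            {{- else }}
            - name: SEMAPHORE_DB_HOST
              value: {{ .Values.database.host | quote }}
            - name: SEMAPHORE_DB_PORT
              value: {{ .Values.database.port | quote }}
            - name: SEMAPHORE_DB
              value: {{ .Values.database.name | quote }}
            {{- if .Values.database.usernameFromSecret }}
            - name: SEMAPHORE_DB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.database.usernameKey }}
            {{- else }}
            - name: SEMAPHORE_DB_USER
              value: {{ .Values.database.username | quote }}
            {{- end }}
            - name: SEMAPHORE_DB_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.database.passwordKey }}
            {{- end }}
            {{- with include "semaphoreui.databaseOptions" . | fromYaml }}
            {{- if . }}
            - name: SEMAPHORE_DB_OPTIONS
              value: {{ . | toJson | quote }}
            {{- end }}
            {{- end }}
            - name: SEMAPHORE_LDAP_ENABLE
              value: {{ .Values.ldap.enable | quote }}
            {{- if .Values.ldap.enable }}
            - name: SEMAPHORE_LDAP_SERVER
              value: {{ .Values.ldap.server | quote }}
            - name: SEMAPHORE_LDAP_NEEDTLS
              value: {{ .Values.ldap.needtls | quote }}
            - name: SEMAPHORE_LDAP_SEARCH_DN
              value: {{ .Values.ldap.searchdn | quote }}
            - name: SEMAPHORE_LDAP_SEARCH_FILTER
              value: {{ .Values.ldap.filter | quote }}
            - name: SEMAPHORE_LDAP_BIND_DN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.ldap.binddnKey }}
            - name: SEMAPHORE_LDAP_BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.ldap.passwordKey }}
            {{- end }}
            - name: SEMAPHORE_EMAIL_ALERT
              value: {{ .Values.email.alert | quote }}
            {{- if .Values.email.alert }}
            - name: SEMAPHORE_EMAIL_SENDER
              value: {{ .Values.email.sender | quote }}
            - name: SEMAPHORE_EMAIL_HOST
              value: {{ .Values.email.host | quote }}
            - name: SEMAPHORE_EMAIL_PORT
              value: {{ .Values.email.port | quote }}
            - name: SEMAPHORE_EMAIL_SECURE
              value: {{ .Values.email.secure | quote }}
            - name: SEMAPHORE_EMAIL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.email.usernameKey }}
            - name: SEMAPHORE_EMAIL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.email.passwordKey }}
            {{- end }}
            - name: SEMAPHORE_TELEGRAM_ALERT
              value: {{ .Values.telegram.alert | quote }}
            {{- if .Values.telegram.alert }}
            - name: SEMAPHORE_TELEGRAM_CHAT
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.telegram.chatKey }}
            - name: SEMAPHORE_TELEGRAM_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.telegram.tokenKey }}
            {{- end }}
            - name: SEMAPHORE_SLACK_ALERT
              value: {{ .Values.slack.alert | quote }}
            {{- if .Values.slack.alert }}
            - name: SEMAPHORE_SLACK_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.slack.existingSecret | default (printf "%s-slack" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.slack.urlKey }}
            {{- end }}
            - name: SEMAPHORE_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.runner.existingSecret | default (printf "%s-runner" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.runner.tokenKey }}
            - name: SEMAPHORE_COOKIE_HASH
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.cookieHashKey }}
            - name: SEMAPHORE_COOKIE_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.cookieEncryptionKey }}
            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "semaphoreui.fullname" .)) }}
                  key: {{ .Values.secrets.accesskeyEncryptionKey }}
            {{- /* With custom certificates enabled, the three CA-bundle variables below all point at the merged bundle built by the custom-ca-bundle init container. */}}
            {{- if .Values.customCertificates.enabled }}
            - name: SSL_CERT_FILE
              value: {{ .Values.customCertificates.mountPath | quote }}
            - name: REQUESTS_CA_BUNDLE
              value: {{ .Values.customCertificates.mountPath | quote }}
            - name: GIT_SSL_CAINFO
              value: {{ .Values.customCertificates.mountPath | quote }}
            {{- end }}
            {{- /* extraEnvVariables are stored in clear text in the pod spec; sensitive values belong in extraEnvSecrets. The value goes through quote so embedded double quotes or backslashes cannot break the rendered YAML. */}}
            {{- if or .Values.extraEnvSecrets .Values.extraEnvVariables }}
            {{- range $key, $value := .Values.extraEnvSecrets }}
            - name: {{ $key }}
              valueFrom:
                secretKeyRef:
                  name: {{ required "Must specify secret!" $value.secret }}
                  key: {{ required "Must specify key!" $value.key }}
            {{- end }}
            {{- range $key, $value := .Values.extraEnvVariables }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
          {{- if or .Values.envFromSecrets .Values.envFromConfigMaps }}

          envFrom:
            {{- range $name := .Values.envFromSecrets }}
            - secretRef:
                name: {{ $name }}
            {{- end }}
            {{- range $name := .Values.envFromConfigMaps }}
            - configMapRef:
                name: {{ $name }}
            {{- end }}
          {{- end }}

          ports:
            - name: http
              containerPort: {{ .Values.service.internalPort }}
              protocol: TCP

          livenessProbe:
            httpGet:
              path: /
              port: http

          readinessProbe:
            httpGet:
              path: /
              port: http
          {{- if .Values.resources }}

          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}

          volumeMounts:
            - name: config
              mountPath: /etc/semaphore/config.json
              subPath: config.json
            {{- if .Values.customCertificates.enabled }}
            - name: custom-ca-bundle
              mountPath: {{ .Values.customCertificates.mountPath | quote }}
              subPath: ca-certificates.crt
              readOnly: true
            {{- end }}
            - name: workdir
              mountPath: {{ .Values.general.tmpPath }}
            {{- if eq .Values.database.type "bolt" }}
            - name: boltdb
              mountPath: {{ .Values.database.path | dir }}
            {{- end }}
            {{- if .Values.general.additionalPythonPackages }}
            - name: config
              mountPath: /etc/semaphore/requirements.txt
              subPath: requirements.txt
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
            {{- end }}
        {{- /* extraSidecarContainers is rendered verbatim; the chart applies no securityContext or resource defaults to these entries. */}}
        {{- if .Values.extraSidecarContainers }}
        {{- toYaml .Values.extraSidecarContainers | nindent 8 }}
        {{- end }}
      {{- if .Values.nodeSelector }}

      nodeSelector:
        {{ toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}

      affinity:
        {{ toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}

      tolerations:
        {{ toYaml . | nindent 8 }}
      {{- end }}

      volumes:
        - name: config
          configMap:
            name: {{ include "semaphoreui.fullname" . }}-config
        {{- /* custom-ca-src is the operator-supplied certificate source; rendering fails when custom certificates are enabled without an existing Secret or ConfigMap. */}}
        {{- if .Values.customCertificates.enabled }}
        - name: custom-ca-src
          {{- if .Values.customCertificates.existingSecret }}
          secret:
            secretName: {{ .Values.customCertificates.existingSecret }}
          {{- else if .Values.customCertificates.existingConfigMap }}
          configMap:
            name: {{ .Values.customCertificates.existingConfigMap }}
          {{- else }}
          {{- required "customCertificates.existingSecret or customCertificates.existingConfigMap is required when customCertificates.enabled=true" "" }}
          {{- end }}
        - name: custom-ca-bundle
          emptyDir: {}
        {{- end }}
        - name: workdir
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default (printf "%s-workdir" (include "semaphoreui.fullname" .)) }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- if eq .Values.database.type "bolt" }}
        - name: boltdb
          {{- if .Values.database.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.database.persistence.existingClaim | default (printf "%s-boltdb" (include "semaphoreui.fullname" .)) }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        {{- toYaml .Values.extraVolumes | nindent 8 }}
        {{- end }}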