apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/name: "magicleaps-authentication" app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.logIngest.enabled }} annotations: opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . | sha256sum }} {{- end }} name: "{{ .Release.Name }}" namespace: {{ .Release.Namespace | quote }} spec: selector: matchLabels: app.kubernetes.io/name: "magicleaps-authentication" app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} replicas: {{ .Values.authentication.replicas }} template: metadata: labels: app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/name: "magicleaps-authentication" app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} annotations: app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/authentication-config.yaml") . | sha256sum }} {{- if .Values.logIngest.enabled }} opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/authentication/opentelemetry.yaml") . | sha256sum }} sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector" {{- end }} spec: {{- if .Values.logIngest.enabled }} serviceAccountName: "{{ .Release.Name }}-otel-collector" {{- end }} containers: - name: "magicleaps-authentication" image: "{{ coalesce .Values.authentication.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.authentication.image.repository .Values.global.repository }}/{{ .Values.authentication.image.name }}:{{ .Values.authentication.image.tag | default "latest" }}" imagePullPolicy: {{ .Values.authentication.image.imagePullPolicy | default "IfNotPresent" }} ports: {{- range $port := .Values.authentication.ports }} - containerPort: {{ $port.containerPort }} name: {{ $port.name }} protocol: {{ $port.protocol }} {{- end }} {{- if .Values.authentication.resources }} resources: {{- toYaml .Values.authentication.resources | nindent 12 }} {{- end }} {{- if .Values.authentication.probes }} {{- if and (.Values.authentication.probes.liveness) (eq .Values.authentication.probes.liveness.type "httpGet") }} livenessProbe: httpGet: path: {{ .Values.authentication.probes.liveness.config.path }} port: {{ .Values.authentication.probes.liveness.config.port }} {{- if .Values.authentication.probes.liveness.config.initialDelaySeconds }} initialDelaySeconds: {{ .Values.authentication.probes.liveness.config.initialDelaySeconds }} {{- end }} {{- if .Values.authentication.probes.liveness.config.periodSeconds }} periodSeconds: {{ .Values.authentication.probes.liveness.config.periodSeconds }} {{- end }} {{- if .Values.authentication.probes.liveness.config.timeoutSeconds }} timeoutSeconds: {{ .Values.authentication.probes.liveness.config.timeoutSeconds }} {{- end }} {{- if .Values.authentication.probes.liveness.config.successThreshold }} successThreshold: {{ .Values.authentication.probes.liveness.config.successThreshold }} {{- end }} {{- if .Values.authentication.probes.liveness.config.failureThreshold }} failureThreshold: {{ .Values.authentication.probes.liveness.config.failureThreshold }} {{- end }} {{- if .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.authentication.probes.liveness.config.terminationGracePeriodSeconds }} {{- end }} {{- end }} {{- if and (.Values.authentication.probes.readiness) (eq .Values.authentication.probes.readiness.type "httpGet") }} readinessProbe: httpGet: path: {{ .Values.authentication.probes.readiness.config.path }} port: {{ .Values.authentication.probes.readiness.config.port }} {{- if .Values.authentication.probes.readiness.config.initialDelaySeconds }} initialDelaySeconds: {{ .Values.authentication.probes.readiness.config.initialDelaySeconds }} {{- end }} {{- if .Values.authentication.probes.readiness.config.periodSeconds }} periodSeconds: {{ .Values.authentication.probes.readiness.config.periodSeconds }} {{- end }} {{- if .Values.authentication.probes.readiness.config.timeoutSeconds }} timeoutSeconds: {{ .Values.authentication.probes.readiness.config.timeoutSeconds }} {{- end }} {{- if .Values.authentication.probes.readiness.config.successThreshold }} successThreshold: {{ .Values.authentication.probes.readiness.config.successThreshold }} {{- end }} {{- if .Values.authentication.probes.readiness.config.failureThreshold }} failureThreshold: {{ .Values.authentication.probes.readiness.config.failureThreshold }} {{- end }} {{- end }} {{- end}} env: {{- range $key, $value := .Values.authentication.configs }} {{- if not (or (eq $key "jwtSecretKey") (eq $key "mongodbUri")) }} - name: {{ $key | snakecase | upper }} value: {{ $value | quote }} {{- end }} {{- end }} # inject from secret created by FreeleapsSecret object {{- if .Values.authentication.secrets }} {{ $targetSecretName := .Values.authentication.secrets.target.name }} {{- range .Values.authentication.secrets.data }} - name: {{ .key | snakecase | upper }} valueFrom: secretKeyRef: name: {{ $targetSecretName }} key: {{ .key }} {{- end }} {{- end }} {{- if .Values.logIngest.enabled }} volumeMounts: - name: app-logs mountPath: {{ .Values.logIngest.logPath }} {{- end }} {{- if .Values.logIngest.enabled }} volumes: - name: app-logs emptyDir: {} {{- end }}