oc-k8s/opencloud/charts/keto/templates/deployment.yaml

{{- $podAnnotations := ternary .Values.deployment.podAnnotations .Values.podAnnotations (not (empty .Values.deployment.podAnnotations )) -}}
{{- $automountServiceAccountToken := ternary .Values.deployment.automountServiceAccountToken .Values.automountServiceAccountToken (not (empty .Values.deployment.automountServiceAccountToken )) -}}
{{- $livenessProbe := ternary .Values.deployment.livenessProbe .Values.livenessProbe (not (empty .Values.deployment.livenessProbe )) -}}
{{- $readinessProbe := ternary .Values.deployment.readinessProbe .Values.readinessProbe (not (empty .Values.deployment.readinessProbe )) -}}
{{- $autoscaling := ternary .Values.deployment.autoscaling .Values.autoscaling (not (empty .Values.deployment.autoscaling )) -}}
{{- $resources := ternary .Values.deployment.resources .Values.resources (not (empty .Values.deployment.resources )) -}}
{{- $extraInitContainers := ternary .Values.deployment.extraInitContainers .Values.extraInitContainers (not (empty .Values.deployment.extraInitContainers )) -}}
{{- $extraContainers := ternary .Values.deployment.extraContainers .Values.extraContainers (not (empty .Values.deployment.extraContainers )) -}}
{{- $extraLabels := ternary .Values.deployment.extraLabels .Values.extraLabels (not (empty .Values.deployment.extraLabels )) -}}
{{- $extraVolumeMounts := ternary .Values.deployment.extraVolumeMounts .Values.extraVolumeMounts (not (empty .Values.deployment.extraVolumeMounts )) -}}
{{- $extraVolumes := ternary .Values.deployment.extraVolumes .Values.extraVolumes (not (empty .Values.deployment.extraVolumes )) -}}
{{- $nodeSelector := ternary .Values.deployment.nodeSelector .Values.nodeSelector (not (empty .Values.deployment.nodeSelector )) -}}
{{- $affinity := ternary .Values.deployment.affinity .Values.affinity (not (empty .Values.deployment.affinity )) -}}
{{- $tolerations := ternary .Values.deployment.tolerations .Values.tolerations (not (empty .Values.deployment.tolerations )) -}}
{{- $topologySpreadConstraints := ternary .Values.deployment.topologySpreadConstraints .Values.topologySpreadConstraints (not (empty .Values.deployment.topologySpreadConstraints )) -}}
{{- include "keto.automigration.typeVerification" . -}}
{{- $migrationExtraEnv := ternary .Values.deployment.automigration.extraEnv .Values.deployment.extraEnv (not (empty .Values.deployment.automigration.extraEnv )) -}}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "keto.fullname" . }}
  {{- if .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
    {{- include "keto.labels" . | nindent 4 }}
    {{- with $extraLabels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    {{- with .Values.deployment.annotations }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  minReadySeconds: {{ .Values.deployment.minReadySeconds }}
{{- if not $autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
{{- end }}
  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
  strategy:
    {{- toYaml .Values.deployment.strategy | nindent 4 }}
  selector:
    matchLabels:
      {{- include "keto.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- include "keto.annotations.checksum" . | indent 8 -}}
        {{- with $podAnnotations }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $.Values.deployment.podMetadata.annotations }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "keto.selectorLabels" . | nindent 8 }}
        {{- with $extraLabels }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $.Values.deployment.podMetadata.labels }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      initContainers:
      {{- if $extraInitContainers}}
        {{- tpl $extraInitContainers . | nindent 8 }}
      {{- end }}
      {{- if and ( .Values.keto.automigration.enabled ) ( eq .Values.keto.automigration.type "initContainer" ) }}
        - name: {{ .Chart.Name }}-automigrate
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.keto.automigration.customCommand }}
          command: {{- toYaml .Values.keto.automigration.customCommand | nindent 12 }}
          {{- else }}
          command: ["keto"]
          {{- end }}
          {{- if .Values.keto.automigration.customArgs }}
          args: {{- toYaml .Values.keto.automigration.customArgs | nindent 12 }}
          {{- else }}
          args: [ "migrate", "up", "-y", "--config", "/etc/config/keto.yaml" ]
          {{- end }}
          volumeMounts:
            - name: {{ include "keto.name" . }}-config-volume
              mountPath: /etc/config
              readOnly: true
          {{- with $extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            {{- if not (empty ( include "keto.dsn" . )) }}
              {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
            - name: DSN
              valueFrom:
                secretKeyRef:
                  name: {{ include "keto.secretname" . }}
                  key: dsn
              {{- end }}
            {{- end }}
            {{- if $migrationExtraEnv }}
              {{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }}
            {{- end }}
          {{- with .Values.keto.automigration.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- end }}
      serviceAccountName: {{ include "keto.serviceAccountName" . }}
      automountServiceAccountToken: {{ $automountServiceAccountToken }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: {{- toYaml .Values.keto.command | nindent 12 }}
          {{- if .Values.keto.customArgs }}
          args: {{- toYaml .Values.keto.customArgs | nindent 12 }}
          {{- else }}
          args:
            - serve
            - --config
            - /etc/config/keto.yaml
          {{- end }}
          ports:
            - name: {{ .Values.service.read.name }}
              containerPort: {{ .Values.keto.config.serve.read.port }}
              protocol: TCP
            - name: {{ .Values.service.write.name }}
              containerPort: {{ .Values.keto.config.serve.write.port }}
              protocol: TCP
            - name: {{ .Values.service.metrics.name }}
              containerPort: {{ .Values.keto.config.serve.metrics.port }}
              protocol: TCP
            {{- with .Values.deployment.extraPorts }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
          lifecycle:
            {{- toYaml .Values.deployment.lifecycle | nindent 12 }}
          {{- if .Values.deployment.customLivenessProbe }}
          livenessProbe:
            {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
          {{- end }}
          readinessProbe:
            {{- if .Values.deployment.customReadinessProbe }} 
              {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
            {{- else }}
            httpGet:
              path: /health/alive
              port: {{ .Values.keto.config.serve.write.port }}
              httpHeaders:
                - name: Host
                  value: '127.0.0.1'
          {{- toYaml $readinessProbe | nindent 12 }}
          {{- end }}
          startupProbe:
            {{- if .Values.deployment.customStartupProbe }} 
              {{- toYaml .Values.deployment.customStartupProbe | nindent 12 }}
            {{- else }}
            httpGet:
              path: /health/ready
              port: {{ .Values.keto.config.serve.write.port }}
              httpHeaders:
                - name: Host
                  value: '127.0.0.1'
            {{- toYaml .Values.deployment.startupProbe | nindent 12 }}
            {{- end }}
          resources:
            {{- toYaml $resources | nindent 12 }}
          env:
            {{- if not (empty ( include "keto.dsn" . )) }}
              {{- if not (include "ory.extraEnvContainsEnvName" (list .Values.deployment.extraEnv "DSN")) }}
            - name: DSN
              valueFrom:
                secretKeyRef:
                  name: {{ include "keto.secretname" . }}
                  key: dsn
              {{- end }}
            {{- end }}
            {{- if .Values.deployment.extraEnv }}
              {{- tpl (toYaml .Values.deployment.extraEnv) . | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: {{ include "keto.name" . }}-config-volume
              mountPath: /etc/config
              readOnly: true
          {{- with $extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- if $extraContainers }}
          {{- tpl $extraContainers . | nindent 8 }}
        {{- end }}
      volumes:
        - name: {{ include "keto.name" . }}-config-volume
          configMap:
            name: {{ include "keto.fullname" . }}-config
      {{- with $extraVolumes }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- with $nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
Fixing ldap conf, initializing keto, oc-auth and co 2024-12-09 15:05:29 +01:00			`{{- $podAnnotations := ternary .Values.deployment.podAnnotations .Values.podAnnotations (not (empty .Values.deployment.podAnnotations )) -}}`
			`{{- $automountServiceAccountToken := ternary .Values.deployment.automountServiceAccountToken .Values.automountServiceAccountToken (not (empty .Values.deployment.automountServiceAccountToken )) -}}`
			`{{- $livenessProbe := ternary .Values.deployment.livenessProbe .Values.livenessProbe (not (empty .Values.deployment.livenessProbe )) -}}`
			`{{- $readinessProbe := ternary .Values.deployment.readinessProbe .Values.readinessProbe (not (empty .Values.deployment.readinessProbe )) -}}`
			`{{- $autoscaling := ternary .Values.deployment.autoscaling .Values.autoscaling (not (empty .Values.deployment.autoscaling )) -}}`
			`{{- $resources := ternary .Values.deployment.resources .Values.resources (not (empty .Values.deployment.resources )) -}}`
			`{{- $extraInitContainers := ternary .Values.deployment.extraInitContainers .Values.extraInitContainers (not (empty .Values.deployment.extraInitContainers )) -}}`
			`{{- $extraContainers := ternary .Values.deployment.extraContainers .Values.extraContainers (not (empty .Values.deployment.extraContainers )) -}}`
			`{{- $extraLabels := ternary .Values.deployment.extraLabels .Values.extraLabels (not (empty .Values.deployment.extraLabels )) -}}`
			`{{- $extraVolumeMounts := ternary .Values.deployment.extraVolumeMounts .Values.extraVolumeMounts (not (empty .Values.deployment.extraVolumeMounts )) -}}`
			`{{- $extraVolumes := ternary .Values.deployment.extraVolumes .Values.extraVolumes (not (empty .Values.deployment.extraVolumes )) -}}`
			`{{- $nodeSelector := ternary .Values.deployment.nodeSelector .Values.nodeSelector (not (empty .Values.deployment.nodeSelector )) -}}`
			`{{- $affinity := ternary .Values.deployment.affinity .Values.affinity (not (empty .Values.deployment.affinity )) -}}`
			`{{- $tolerations := ternary .Values.deployment.tolerations .Values.tolerations (not (empty .Values.deployment.tolerations )) -}}`
			`{{- $topologySpreadConstraints := ternary .Values.deployment.topologySpreadConstraints .Values.topologySpreadConstraints (not (empty .Values.deployment.topologySpreadConstraints )) -}}`
			`{{- include "keto.automigration.typeVerification" . -}}`
			`{{- $migrationExtraEnv := ternary .Values.deployment.automigration.extraEnv .Values.deployment.extraEnv (not (empty .Values.deployment.automigration.extraEnv )) -}}`

			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: {{ include "keto.fullname" . }}`
			`{{- if .Release.Namespace }}`
			`namespace: {{ .Release.Namespace }}`
			`{{- end }}`
			`labels:`
			`{{- include "keto.labels" . \| nindent 4 }}`
			`{{- with $extraLabels }}`
			`{{- toYaml . \| nindent 4 }}`
			`{{- end }}`
			`annotations:`
			`{{- with .Values.deployment.annotations }}`
			`{{- toYaml . \| nindent 4 }}`
			`{{- end }}`
			`spec:`
			`minReadySeconds: {{ .Values.deployment.minReadySeconds }}`
			`{{- if not $autoscaling.enabled }}`
			`replicas: {{ .Values.replicaCount }}`
			`{{- end }}`
			`revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}`
			`strategy:`
			`{{- toYaml .Values.deployment.strategy \| nindent 4 }}`
			`selector:`
			`matchLabels:`
			`{{- include "keto.selectorLabels" . \| nindent 6 }}`
			`template:`
			`metadata:`
			`annotations:`
			`{{- include "keto.annotations.checksum" . \| indent 8 -}}`
			`{{- with $podAnnotations }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with $.Values.deployment.podMetadata.annotations }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`labels:`
			`{{- include "keto.selectorLabels" . \| nindent 8 }}`
			`{{- with $extraLabels }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with $.Values.deployment.podMetadata.labels }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`spec:`
			`{{- with .Values.imagePullSecrets }}`
			`imagePullSecrets:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`initContainers:`
			`{{- if $extraInitContainers}}`
			`{{- tpl $extraInitContainers . \| nindent 8 }}`
			`{{- end }}`
			`{{- if and ( .Values.keto.automigration.enabled ) ( eq .Values.keto.automigration.type "initContainer" ) }}`
			`- name: {{ .Chart.Name }}-automigrate`
			`image: "{{ .Values.image.repository }}:{{ .Values.image.tag \| default .Chart.AppVersion }}"`
			`imagePullPolicy: {{ .Values.image.pullPolicy }}`
			`{{- if .Values.keto.automigration.customCommand }}`
			`command: {{- toYaml .Values.keto.automigration.customCommand \| nindent 12 }}`
			`{{- else }}`
			`command: ["keto"]`
			`{{- end }}`
			`{{- if .Values.keto.automigration.customArgs }}`
			`args: {{- toYaml .Values.keto.automigration.customArgs \| nindent 12 }}`
			`{{- else }}`
			`args: [ "migrate", "up", "-y", "--config", "/etc/config/keto.yaml" ]`
			`{{- end }}`
			`volumeMounts:`
			`- name: {{ include "keto.name" . }}-config-volume`
			`mountPath: /etc/config`
			`readOnly: true`
			`{{- with $extraVolumeMounts }}`
			`{{- toYaml . \| nindent 12 }}`
			`{{- end }}`
			`env:`
			`{{- if not (empty ( include "keto.dsn" . )) }}`
			`{{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}`
			`- name: DSN`
			`valueFrom:`
			`secretKeyRef:`
			`name: {{ include "keto.secretname" . }}`
			`key: dsn`
			`{{- end }}`
			`{{- end }}`
			`{{- if $migrationExtraEnv }}`
			`{{- tpl (toYaml $migrationExtraEnv) . \| nindent 12 }}`
			`{{- end }}`
			`{{- with .Values.keto.automigration.resources }}`
			`resources:`
			`{{- toYaml . \| nindent 12 }}`
			`{{- end }}`
			`{{- end }}`
			`serviceAccountName: {{ include "keto.serviceAccountName" . }}`
			`automountServiceAccountToken: {{ $automountServiceAccountToken }}`
			`securityContext:`
			`{{- toYaml .Values.podSecurityContext \| nindent 8 }}`
			`terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}`
			`containers:`
			`- name: {{ .Chart.Name }}`
			`{{- with .Values.securityContext }}`
			`securityContext:`
			`{{- toYaml . \| nindent 12 }}`
			`{{- end }}`
			`image: "{{ .Values.image.repository }}:{{ .Values.image.tag \| default .Chart.AppVersion }}"`
			`imagePullPolicy: {{ .Values.image.pullPolicy }}`
			`command: {{- toYaml .Values.keto.command \| nindent 12 }}`
			`{{- if .Values.keto.customArgs }}`
			`args: {{- toYaml .Values.keto.customArgs \| nindent 12 }}`
			`{{- else }}`
			`args:`
			`- serve`
			`- --config`
			`- /etc/config/keto.yaml`
			`{{- end }}`
			`ports:`
			`- name: {{ .Values.service.read.name }}`
			`containerPort: {{ .Values.keto.config.serve.read.port }}`
			`protocol: TCP`
			`- name: {{ .Values.service.write.name }}`
			`containerPort: {{ .Values.keto.config.serve.write.port }}`
			`protocol: TCP`
			`- name: {{ .Values.service.metrics.name }}`
			`containerPort: {{ .Values.keto.config.serve.metrics.port }}`
			`protocol: TCP`
			`{{- with .Values.deployment.extraPorts }}`
			`{{- toYaml . \| nindent 12 }}`
			`{{- end }}`
			`lifecycle:`
			`{{- toYaml .Values.deployment.lifecycle \| nindent 12 }}`
			`{{- if .Values.deployment.customLivenessProbe }}`
			`livenessProbe:`
			`{{- toYaml .Values.deployment.customLivenessProbe \| nindent 12 }}`
			`{{- end }}`
			`readinessProbe:`
			`{{- if .Values.deployment.customReadinessProbe }}`
			`{{- toYaml .Values.deployment.customReadinessProbe \| nindent 12 }}`
			`{{- else }}`
			`httpGet:`
			`path: /health/alive`
			`port: {{ .Values.keto.config.serve.write.port }}`
			`httpHeaders:`
			`- name: Host`
			`value: '127.0.0.1'`
			`{{- toYaml $readinessProbe \| nindent 12 }}`
			`{{- end }}`
			`startupProbe:`
			`{{- if .Values.deployment.customStartupProbe }}`
			`{{- toYaml .Values.deployment.customStartupProbe \| nindent 12 }}`
			`{{- else }}`
			`httpGet:`
			`path: /health/ready`
			`port: {{ .Values.keto.config.serve.write.port }}`
			`httpHeaders:`
			`- name: Host`
			`value: '127.0.0.1'`
			`{{- toYaml .Values.deployment.startupProbe \| nindent 12 }}`
			`{{- end }}`
			`resources:`
			`{{- toYaml $resources \| nindent 12 }}`
			`env:`
			`{{- if not (empty ( include "keto.dsn" . )) }}`
			`{{- if not (include "ory.extraEnvContainsEnvName" (list .Values.deployment.extraEnv "DSN")) }}`
			`- name: DSN`
			`valueFrom:`
			`secretKeyRef:`
			`name: {{ include "keto.secretname" . }}`
			`key: dsn`
			`{{- end }}`
			`{{- end }}`
			`{{- if .Values.deployment.extraEnv }}`
			`{{- tpl (toYaml .Values.deployment.extraEnv) . \| nindent 12 }}`
			`{{- end }}`
			`volumeMounts:`
			`- name: {{ include "keto.name" . }}-config-volume`
			`mountPath: /etc/config`
			`readOnly: true`
			`{{- with $extraVolumeMounts }}`
			`{{- toYaml . \| nindent 12 }}`
			`{{- end }}`
			`{{- if $extraContainers }}`
			`{{- tpl $extraContainers . \| nindent 8 }}`
			`{{- end }}`
			`volumes:`
			`- name: {{ include "keto.name" . }}-config-volume`
			`configMap:`
			`name: {{ include "keto.fullname" . }}-config`
			`{{- with $extraVolumes }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with .Values.priorityClassName }}`
			`priorityClassName: {{ . }}`
			`{{- end }}`
			`{{- with $nodeSelector }}`
			`nodeSelector:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with $affinity }}`
			`affinity:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with $tolerations }}`
			`tolerations:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with $topologySpreadConstraints }}`
			`topologySpreadConstraints:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with .Values.deployment.dnsConfig }}`
			`dnsConfig:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`