{{- include "hydra.automigration.typeVerification" . -}} {{- $migrationExtraEnv := ternary .Values.deployment.automigration.extraEnv .Values.deployment.extraEnv (not (empty .Values.deployment.automigration.extraEnv )) -}} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "hydra.fullname" . }} {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} {{- end }} labels: {{- include "hydra.labels" . | nindent 4 }} {{- with .Values.deployment.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: {{- with .Values.deployment.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if not .Values.deployment.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} strategy: {{- toYaml .Values.deployment.strategy | nindent 4 }} selector: matchLabels: app.kubernetes.io/name: {{ include "hydra.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: {{- include "hydra.labels" . | nindent 8 }} {{- with .Values.deployment.labels }} {{- toYaml . | nindent 8 }} {{- end }} {{- with $.Values.deployment.podMetadata.labels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- include "hydra.annotations.checksum" . | nindent 8 -}} {{- with .Values.deployment.annotations }} {{- toYaml . | nindent 8 }} {{- end }} {{- with $.Values.deployment.podMetadata.annotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: {{ include "hydra.name" . }}-config-volume configMap: name: {{ include "hydra.fullname" . }} {{- if .Values.deployment.extraVolumes }} {{- toYaml .Values.deployment.extraVolumes | nindent 8 }} {{- end }} serviceAccountName: {{ include "hydra.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.deployment.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: {{- toYaml .Values.hydra.command | nindent 12 }} {{- if .Values.hydra.customArgs }} args: {{- toYaml .Values.hydra.customArgs | nindent 12 }} {{- else }} args: - serve - all {{- if .Values.hydra.dev }} - "--dev" {{- end }} - --config - /etc/config/hydra.yaml {{- end }} volumeMounts: - name: {{ include "hydra.name" . }}-config-volume mountPath: /etc/config readOnly: true {{- if .Values.deployment.extraVolumeMounts }} {{- toYaml .Values.deployment.extraVolumeMounts | nindent 12 }} {{- end }} ports: - name: http-public containerPort: {{ .Values.hydra.config.serve.public.port }} protocol: TCP - name: http-admin containerPort: {{ .Values.hydra.config.serve.admin.port }} protocol: TCP {{- if .Values.deployment.customLivenessProbe }} livenessProbe: {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }} {{- end }} readinessProbe: {{- if .Values.deployment.customReadinessProbe }} {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }} {{- else }} httpGet: path: /health/alive port: {{ .Values.hydra.config.serve.admin.port }} httpHeaders: - name: Host value: '127.0.0.1' {{- toYaml .Values.deployment.readinessProbe | nindent 12 }} {{- end }} startupProbe: {{- if .Values.deployment.customStartupProbe }} {{- toYaml .Values.deployment.customStartupProbe | nindent 12 }} {{- else }} httpGet: path: /health/ready port: {{ .Values.hydra.config.serve.admin.port }} httpHeaders: - name: Host value: '127.0.0.1' {{- toYaml .Values.deployment.startupProbe | nindent 12 }} {{- end }} env: {{- $issuer := include "hydra.config.urls.issuer" . -}} {{- if $issuer }} - name: URLS_SELF_ISSUER value: {{ $issuer | quote }} {{- end }} {{- if not (empty ( include "hydra.dsn" . )) }} {{- if not (include "ory.extraEnvContainsEnvName" (list .Values.deployment.extraEnv "DSN")) }} - name: DSN valueFrom: secretKeyRef: name: {{ include "hydra.secretname" . }} key: dsn {{- end }} {{- end }} - name: SECRETS_SYSTEM valueFrom: secretKeyRef: name: {{ include "hydra.secretname" . }} key: secretsSystem - name: SECRETS_COOKIE valueFrom: secretKeyRef: name: {{ include "hydra.secretname" . }} key: secretsCookie {{- if .Values.deployment.extraEnv }} {{- tpl (toYaml .Values.deployment.extraEnv) . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.deployment.resources | nindent 12 }} {{- if .Values.deployment.securityContext }} securityContext: {{- toYaml .Values.deployment.securityContext | nindent 12 }} {{- end }} lifecycle: {{- toYaml .Values.deployment.lifecycle | nindent 12 }} {{- if .Values.deployment.extraContainers }} {{- tpl .Values.deployment.extraContainers . | nindent 8 }} {{- end }} initContainers: {{- if .Values.deployment.extraInitContainers }} {{- tpl .Values.deployment.extraInitContainers . | nindent 8 }} {{- end }} {{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "initContainer" ) }} - name: {{ .Chart.Name }}-automigrate image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.hydra.automigration.customCommand }} command: {{- toYaml .Values.hydra.automigration.customCommand | nindent 12 }} {{- else }} command: ["hydra"] {{- end }} {{- if .Values.hydra.automigration.customArgs }} args: {{- toYaml .Values.hydra.automigration.customArgs | nindent 12 }} {{- else }} args: ["migrate", "sql", "-e", "--yes", "--config", "/etc/config/hydra.yaml"] {{- end }} volumeMounts: - name: {{ include "hydra.name" . }}-config-volume mountPath: /etc/config readOnly: true {{- with .Values.deployment.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} env: {{- if not (empty ( include "hydra.dsn" . )) }} {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }} - name: DSN valueFrom: secretKeyRef: name: {{ include "hydra.secretname" . }} key: dsn {{- end }} {{- end }} {{- if $migrationExtraEnv }} {{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }} {{- end }} {{- if .Values.hydra.automigration.resources }} resources: {{- toYaml .Values.hydra.automigration.resources | nindent 12 }} {{- end }} {{- with .Values.deployment.initContainerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} {{- with .Values.deployment.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.deployment.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.deployment.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.deployment.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.deployment.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} {{- end }}