131 lines
4.7 KiB
YAML
131 lines
4.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "mastodon.fullname" . }}-sidekiq
|
|
labels:
|
|
{{- include "mastodon.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
|
app.kubernetes.io/component: sidekiq
|
|
app.kubernetes.io/part-of: rails
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
{{- with .Values.podAnnotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
# roll the pods to pick up any db migrations or other changes
|
|
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
|
|
labels:
|
|
{{- include "mastodon.selectorLabels" . | nindent 8 }}
|
|
app.kubernetes.io/component: sidekiq
|
|
app.kubernetes.io/part-of: rails
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
|
{{- with .Values.podSecurityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
|
# ensure we run on the same node as the other rails components; only
|
|
# required when using PVCs that are ReadWriteOnce
|
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
|
affinity:
|
|
podAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/part-of
|
|
operator: In
|
|
values:
|
|
- rails
|
|
topologyKey: kubernetes.io/hostname
|
|
{{- end }}
|
|
volumes:
|
|
- name: assets
|
|
persistentVolumeClaim:
|
|
claimName: {{ template "mastodon.fullname" . }}-assets
|
|
- name: system
|
|
persistentVolumeClaim:
|
|
claimName: {{ template "mastodon.fullname" . }}-system
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
command:
|
|
- bundle
|
|
- exec
|
|
- sidekiq
|
|
- -c
|
|
- {{ .Values.mastodon.sidekiq.concurrency | quote }}
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ include "mastodon.fullname" . }}-env
|
|
- secretRef:
|
|
name: {{ template "mastodon.secretName" . }}
|
|
env:
|
|
- name: "DB_PASS"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "mastodon.postgresql.secretName" . }}
|
|
key: password
|
|
- name: "REDIS_PASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "mastodon.redis.secretName" . }}
|
|
key: redis-password
|
|
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
|
|
- name: "AWS_SECRET_ACCESS_KEY"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.mastodon.s3.existingSecret }}
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
- name: "AWS_ACCESS_KEY_ID"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.mastodon.s3.existingSecret }}
|
|
key: AWS_ACCESS_KEY_ID
|
|
{{- end }}
|
|
{{- if .Values.mastodon.smtp.existingSecret }}
|
|
- name: "SMTP_LOGIN"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.mastodon.smtp.existingSecret }}
|
|
key: login
|
|
optional: true
|
|
- name: "SMTP_PASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.mastodon.smtp.existingSecret }}
|
|
key: password
|
|
{{- end }}
|
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
|
volumeMounts:
|
|
- name: assets
|
|
mountPath: /opt/mastodon/public/assets
|
|
- name: system
|
|
mountPath: /opt/mastodon/public/system
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|