apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Values.app.name }} spec: replicas: {{ .Values.app.replicas }} revisionHistoryLimit: 3 selector: matchLabels: app: {{ .Values.app.name }} template: metadata: labels: app: {{ .Values.app.name }} spec: securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault containers: - name: {{ .Values.app.name }} image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] ports: - containerPort: {{ .Values.app.port }} env: - name: MARIADB_HOST value: {{ printf "%s.%s.svc.cluster.local" .Values.mariadb.mariaDbRef.name .Values.mariadb.mariaDbRef.namespace | quote }} - name: MARIADB_PORT value: '3306' - name: MARIADB_DB value: {{ required "Set .Values.deployment" .Values.deployment | quote }} - name: MARIADB_USER value: {{ required "Set .Values.deployment" .Values.deployment | quote }} - name: MARIADB_PASSWORD valueFrom: secretKeyRef: name: {{ required "Set .Values.database.secretName" .Values.database.secretName }} key: password - name: RABBITMQ_USERNAME value: {{ .Values.rabbitmq.username | quote }} - name: RABBITMQ_PASSWORD value: {{ required "Set .Values.rabbitmq.password" .Values.rabbitmq.password | quote }} - name: RABBITMQ_HOST value: {{ .Values.rabbitmq.host | quote }} - name: RABBITMQ_PORT value: {{ .Values.rabbitmq.port | quote }} - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} livenessProbe: httpGet: path: / port: {{ .Values.app.port }} initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: / port: {{ .Values.app.port }} initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 3