NeoShowcase/charts/neoshowcase/templates/builder/deployment.yaml at 696a73ce3859c9e7278ff2a34e575a99f73d731b · traPtitech/NeoShowcase · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
{{- with $.Values.builder }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $.Release.Name }}-builder
  namespace: {{ $.Release.Namespace }}

spec:
  replicas: {{ .replicas }}
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: {{ $.Release.Name }}-builder
  template:
    metadata:
      labels:
        app: {{ $.Release.Name }}-builder
      annotations:
        checksum/config: {{ include "config-hash" $ | quote }}
        checksum/buildkit-config: {{ include "buildkit-config-hash" $ | quote }}
        checksum/known-hosts: {{ include "known-hosts-hash" $ | quote }}
    spec:
      enableServiceLinks: false
      {{- if .nodeSelector }}
      nodeSelector:
        {{- .nodeSelector | toYaml | nindent 8 }}
      {{- end }}
      {{- if .tolerations }}
      tolerations:
        {{- .tolerations | toYaml | nindent 8 }}
      {{- end }}
      {{- if .topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- .topologySpreadConstraints | toYaml | nindent 8 }}
      {{- end }}

      volumes:
        - name: ns-bin
          emptyDir: {}
        - name: socket
          emptyDir: {}
        - name: config
          configMap:
            name: ns-config
        - name: buildkit-config
          configMap:
            name: buildkit
        - name: known-hosts
          configMap:
            name: known-hosts
        {{- if $.Values.common.additionalVolumes }}
        {{- $.Values.common.additionalVolumes | toYaml | nindent 8 }}
        {{- end }}

      initContainers:
        - name: buildpack-install
          image: {{ include "image.builder" $ }}
          imagePullPolicy: {{ .imagePullPolicy | default $.Values.global.image.pullPolicy }}
          command:
            - cp
            - /app/ns
            - /ns-bin
          volumeMounts:
            - mountPath: /ns-bin
              name: ns-bin

      containers:
        - name: buildpack
          image: {{ .buildpack.image }}
          imagePullPolicy: {{ .buildpack.imagePullPolicy | default $.Values.global.image.pullPolicy }}
          command:
            - /ns-bin/ns
            - buildpack-helper
          args:
            - --loglevel=debug
            - --config=/opt/config/ns.yaml
          volumeMounts:
            - mountPath: /ns-bin
              name: ns-bin
            - mountPath: /opt/config/ns.yaml
              name: config
              subPath: ns.yaml
          {{- if .buildpack.resources }}
          resources:
            {{- .buildpack.resources | toYaml | nindent 12 }}
          {{- end }}

        - name: buildkit
          image: {{ .buildkit.image }}
          imagePullPolicy: {{ .buildkit.imagePullPolicy | default $.Values.global.image.pullPolicy }}
          args:
            - --addr
            - unix:///run/user/1000/buildkit/buildkitd.sock
            - --oci-worker-no-process-sandbox
          readinessProbe:
            exec:
              command:
                - buildctl
                - debug
                - workers
            initialDelaySeconds: 5
            periodSeconds: 30
          livenessProbe:
            exec:
              command:
                - buildctl
                - debug
                - workers
            initialDelaySeconds: 5
            periodSeconds: 30
          securityContext:
            appArmorProfile:
              type: Unconfined
            seccompProfile:
              type: Unconfined
            runAsUser: 1000
            runAsGroup: 1000
          volumeMounts:
            - name: socket
              mountPath: /run/user/1000/buildkit
            - name: buildkit-config
              subPath: buildkitd.toml
              mountPath: /home/user/.config/buildkit/buildkitd.toml
          {{- if .buildkit.resources }}
          resources:
            {{- .buildkit.resources | toYaml | nindent 12 }}
          {{- end }}

        - name: builder
          image: {{ include "image.builder" $ }}
          imagePullPolicy: {{ .imagePullPolicy | default $.Values.global.image.pullPolicy }}
          args:
            - --loglevel={{ $.Values.common.logLevel }}
            - --config=/opt/config/ns.yaml
          env:
            - name: NS_COMPONENTS_CONTROLLER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ $.Values.secret.ns.existingName }}
                  key: controller-token
          volumeMounts:
            - mountPath: /run/buildkit
              name: socket
            - mountPath: /opt/config/ns.yaml
              name: config
              subPath: ns.yaml
            - mountPath: /root/.ssh/known_hosts
              name: known-hosts
              subPath: known_hosts
            {{- if $.Values.common.additionalVolumeMounts }}
            {{- $.Values.common.additionalVolumeMounts | toYaml | nindent 12 }}
            {{- end }}
          {{- if .resources }}
          resources:
            {{- .resources | toYaml | nindent 12 }}
          {{- end }}

{{- end }}