apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "shoal.fullname" . }}-api labels: {{- include "shoal.labels" . | nindent 4 }} app.kubernetes.io/component: api spec: replicas: {{ .Values.api.replicas }} selector: matchLabels: {{- include "shoal.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: api template: metadata: labels: {{- include "shoal.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: api annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if .Values.metrics.annotations }} prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" {{- end }} {{- with .Values.api.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "shoal.serviceAccountName" . }} securityContext: runAsNonRoot: true runAsUser: 10001 fsGroup: 10001 containers: - name: api image: {{ include "shoal.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: 8080 envFrom: - configMapRef: name: {{ include "shoal.fullname" . }}-config - secretRef: name: {{ include "shoal.secretName" . }} readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 3 periodSeconds: 5 livenessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 10 periodSeconds: 10 resources: {{- toYaml .Values.api.resources | nindent 12 }} volumeMounts: - name: cache mountPath: {{ .Values.config.cache.dir }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] volumes: - name: cache emptyDir: sizeLimit: {{ .Values.api.cacheVolume.sizeLimit }} {{- with .Values.api.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.api.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.api.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }}