apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "tutortool.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tutortool.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: type: {{ .Values.strategy.type | default "Recreate" }} selector: matchLabels: {{- include "tutortool.selectorLabels" . | nindent 6 }} template: metadata: labels: {{- include "tutortool.selectorLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "tutortool.serviceAccountName" . }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} securityContext: fsGroup: 1000 containers: - name: app image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.containerPort }} env: - name: DATABASE_URL value: {{ .Values.env.DATABASE_URL | quote }} - name: STATIC_DIR value: {{ .Values.env.STATIC_DIR | quote }} {{- range $k, $v := .Values.env.extra }} - name: {{ $k }} value: {{ $v | quote }} {{- end }} - name: JWT_SECRET valueFrom: secretKeyRef: name: {{ .Values.jwtSecretName }} key: JWT_SECRET volumeMounts: - name: data mountPath: /data livenessProbe: httpGet: path: /health port: {{ .Values.containerPort }} initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /health port: {{ .Values.containerPort }} initialDelaySeconds: 5 periodSeconds: 10 securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: data persistentVolumeClaim: claimName: {{ include "tutortool.fullname" . }}-data