apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ls-app.fullname" . }} {{- with .Values.app.deploymentAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "ls-app.labels" . | nindent 4 }} {{- if .Values.app.labels }} {{- toYaml .Values.app.labels | nindent 4 }} {{- end }} spec: {{- if ne .Values.app.replicas nil }} replicas: {{ .Values.app.replicas }} {{- end }} selector: matchLabels: {{- include "ls-app.selectorLabels" . | nindent 6 }} {{- with .Values.app.deploymentStrategy }} strategy: {{- toYaml . | trim | nindent 4 }} {{- end }} template: metadata: {{- with .Values.app.annotations }} annotations: {{- toYaml . | nindent 12 }} {{- end }} labels: {{- include "ls-app.selectorLabels" . | nindent 8 }} {{- if .Values.app.podLabels }} {{- toYaml .Values.app.podLabels | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "ls-app.serviceAccountName" . }} {{- if .Values.app.podSecurityContext.enabled }} securityContext: {{- omit .Values.app.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} automountServiceAccountToken: {{ .Values.app.automountServiceAccountToken }} initContainers: {{- if .Values.app.initContainers }} {{- range .Values.app.initContainers }} - name: {{ .name }} image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }} args: {{- range .args }} - {{ . }} {{- end }} imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }} {{- if .restartPolicy }} restartPolicy: {{ .restartPolicy }} {{- end }} {{- if $.Values.app.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} env: {{- include "ls.common.envs" $ | nindent 12 }} - name: INIT_CONTAINER value: "true" volumeMounts: - name: data mountPath: /label-studio/data - mountPath: /opt/heartex/instance-data/etc name: opt-heartex-init - mountPath: /tmp name: tmp-dir-init {{- if $.Values.global.pgConfig.ssl.pgSslSecretName }} - name: pg-ssl-certs mountPath: /opt/heartex/secrets/pg_certs {{- end }} {{- if $.Values.global.redisConfig.ssl.redisSslSecretName }} - name: redis-ssl-certs mountPath: /opt/heartex/secrets/redis_certs {{- end }} {{- if .extraVolumeMounts }} {{ toYaml .extraVolumeMounts | nindent 12 }} {{- end }} {{- end }} {{- end }} {{- if not .Values.migrationJob.enabled }} - name: db-migrations image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}" args: [ "label-studio-migrate" ] imagePullPolicy: {{ .Values.global.image.pullPolicy }} {{- if .Values.app.containerSecurityContext.enabled }} securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} resources: {{- toYaml .Values.app.initContainer.resources | nindent 12 }} env: {{- include "ls.common.envs" . | nindent 12 }} - name: INIT_CONTAINER value: "true" volumeMounts: - name: data mountPath: /label-studio/data - mountPath: /opt/heartex/instance-data/etc name: opt-heartex-init - mountPath: /tmp name: tmp-dir-init {{- if .Values.global.pgConfig.ssl.pgSslSecretName }} - name: pg-ssl-certs mountPath: /opt/heartex/secrets/pg_certs {{- end }} {{- if .Values.global.redisConfig.ssl.redisSslSecretName }} - name: redis-ssl-certs mountPath: /opt/heartex/secrets/redis_certs {{- end }} {{- if .Values.app.extraVolumeMounts }} {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }} {{- end }} {{- end }} {{- if .Values.app.postMigrationInitContainers }} {{- range .Values.app.postMigrationInitContainers }} - name: {{ .name }} image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }} args: {{- range .args }} - {{ . }} {{- end }} imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }} {{- if .restartPolicy }} restartPolicy: {{ .restartPolicy }} {{- end }} {{- if $.Values.app.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} env: {{- include "ls.common.envs" $ | nindent 12 }} - name: INIT_CONTAINER value: "true" volumeMounts: - name: data mountPath: /label-studio/data - mountPath: /opt/heartex/instance-data/etc name: opt-heartex-init - mountPath: /tmp name: tmp-dir-init {{- if $.Values.global.pgConfig.ssl.pgSslSecretName }} - name: pg-ssl-certs mountPath: /opt/heartex/secrets/pg_certs {{- end }} {{- if $.Values.global.redisConfig.ssl.redisSslSecretName }} - name: redis-ssl-certs mountPath: /opt/heartex/secrets/redis_certs {{- end }} {{- if .extraVolumeMounts }} {{ toYaml .extraVolumeMounts | nindent 12 }} {{- end }} {{- end }} {{- end }} terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }} containers: - name: app image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.global.image.pullPolicy }} {{- if .Values.app.containerSecurityContext.enabled }} securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} args: {{- range .Values.app.args }} - {{ . }} {{- end }} env: - name: SKIP_DB_MIGRATIONS value: "true" {{- include "ls.common.envs" . | nindent 12 }} {{- if .Values.app.extraEnvironmentVars -}} {{- range $key, $value := .Values.app.extraEnvironmentVars }} - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} value: {{ $value | quote }} {{- end }} {{- end }} {{- if .Values.app.extraEnvironmentSecrets -}} {{- range $key, $value := .Values.app.extraEnvironmentSecrets }} - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} valueFrom: secretKeyRef: name: {{ $value.secretName }} key: {{ $value.secretKey }} {{- end }} {{- end }} {{- if or $.Values.app.cmdWrapper $.Values.global.cmdWrapper }} - name: CMD_WRAPPER value: {{ coalesce $.Values.app.cmdWrapper $.Values.global.cmdWrapper }} {{- end }} {{- if .Values.app.readinessProbe.enabled }} readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.readinessProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- if .Values.app.livenessProbe.enabled }} livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.livenessProbe "enabled") "context" $) | nindent 12 }} {{- end }} lifecycle: preStop: exec: command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ] resources: {{- toYaml .Values.app.resources | nindent 12 }} volumeMounts: - name: data mountPath: /label-studio/data {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }} {{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }} - name: gcs-storage-credentials mountPath: /opt/heartex/secrets/gcs readOnly: true {{- end }} {{- end }} {{- if .Values.global.pgConfig.ssl.pgSslSecretName }} - name: pg-ssl-certs mountPath: /opt/heartex/secrets/pg_certs {{- end }} {{- if .Values.global.redisConfig.ssl.redisSslSecretName }} - name: redis-ssl-certs mountPath: /opt/heartex/secrets/redis_certs {{- end }} {{- if .Values.app.extraVolumeMounts }} {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }} {{- end }} - mountPath: /opt/heartex/instance-data/etc name: opt-heartex-app - mountPath: /tmp name: tmp-dir-app {{- if .Values.metrics.enabled }} ports: - name: "djangometrics" containerPort: 8000 {{- end }} - name: nginx image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.global.image.pullPolicy }} {{- if .Values.app.containerSecurityContext.enabled }} securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} args: {{- range .Values.app.nginx.args }} - {{ . }} {{- end }} env: - name: APP_HOST value: localhost {{- include "ls.common.envs" . | nindent 12}} {{- if .Values.app.nginx.extraEnvironmentVars -}} {{- range $key, $value := .Values.app.nginx.extraEnvironmentVars }} - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} value: {{ $value | quote }} {{- end }} {{- end }} {{- if .Values.app.nginx.extraEnvironmentSecrets -}} {{- range $key, $value := .Values.app.nginx.extraEnvironmentSecrets }} - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} valueFrom: secretKeyRef: name: {{ $value.secretName }} key: {{ $value.secretKey }} {{- end }} {{- end }} ports: - name: {{ .Values.app.service.portName }} containerPort: 8085 protocol: TCP lifecycle: preStop: exec: command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ] {{- if .Values.app.nginx.readinessProbe.enabled }} readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.readinessProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- if .Values.app.nginx.livenessProbe.enabled }} livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.livenessProbe "enabled") "context" $) | nindent 12 }} {{- end }} resources: {{- toYaml .Values.app.nginx.resources | nindent 12 }} volumeMounts: - name: data mountPath: /label-studio/data {{- if .Values.app.extraVolumeMounts }} {{ toYaml .Values.app.extraVolumeMounts | nindent 12 }} {{- end }} - mountPath: /opt/heartex/instance-data/etc name: opt-heartex-nginx - mountPath: /tmp name: tmp-dir-nginx {{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }} - name: uwsgi-exporter image: "{{ .Values.metrics.uwsgiExporter.image.repository }}:{{ .Values.metrics.uwsgiExporter.image.tag | default "latest" }}" imagePullPolicy: {{ .Values.metrics.uwsgiExporter.image.pullPolicy }} {{- if .Values.metrics.uwsgiExporter.containerSecurityContext.enabled }} securityContext: {{- omit .Values.metrics.uwsgiExporter.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} args: - "--stats.uri=http://localhost:1717" {{- if .Values.metrics.uwsgiExporter.resources }} resources: {{- toYaml .Values.metrics.uwsgiExporter.resources | nindent 12 }} {{- end }} {{- if .Values.metrics.uwsgiExporter.readinessProbe.enabled }} readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.readinessProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- if .Values.metrics.uwsgiExporter.livenessProbe.enabled }} livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.livenessProbe "enabled") "context" $) | nindent 12 }} {{- end }} ports: - name: "uwsgimetrics" containerPort: 9117 {{- end }} {{- with .Values.app.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.app.topologySpreadConstraints }} topologySpreadConstraints: {{- include "tplvalues.render" (dict "value" .Values.app.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.app.dnsPolicy }} enableServiceLinks: {{ .Values.app.enableServiceLinks }} shareProcessNamespace: {{ .Values.app.shareProcessNamespace }} {{- with .Values.app.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.app.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: data {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "volume") }} persistentVolumeClaim: claimName: {{ include "ls-pvc.claimName" . }} {{- else }} emptyDir: {} {{- end }} {{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }} {{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }} - name: gcs-storage-credentials secret: {{- if and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey }} secretName: {{ .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret }} {{- else }} secretName: {{ include "ls-secrets.fullname" . }} {{- end }} {{- end }} {{- end }} {{- if .Values.global.pgConfig.ssl.pgSslSecretName }} - name: pg-ssl-certs secret: secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.pgConfig.ssl.pgSslSecretName "context" $) }} defaultMode: 0640 {{- end }} {{- if .Values.global.redisConfig.ssl.redisSslSecretName }} - name: redis-ssl-certs secret: secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.redisConfig.ssl.redisSslSecretName "context" $) }} defaultMode: 0640 {{- end }} {{- if .Values.app.extraVolumes -}} {{- toYaml .Values.app.extraVolumes | nindent 8 }} {{- end }} - name: opt-heartex-app emptyDir: { } - name: opt-heartex-nginx emptyDir: { } - name: opt-heartex-init emptyDir: { } - name: tmp-dir-app emptyDir: { } - name: tmp-dir-nginx emptyDir: { } - name: tmp-dir-init emptyDir: { }