cms-plugins/deploy/helm/templates/deployment.yaml
Oleks 67b07634ae initial scaffold: emdash catalog, helm chart, woodpecker pipeline, ddev
- app/: Emdash scaffold (Astro 6, node target) with cmses/plugins/pages collections
- app/seed/seed.json: WordPress→Emdash parity for kotkanagrilli.fi (~30 entries)
- Dockerfile + docker/entrypoint.sh: multi-stage build, single PVC at /app/state
- deploy/helm/: chart mirroring emdash-kotkanagrilli (single-replica, sqlite, kotkan)
- deploy/fleet-overlay/: HelmRelease/source/image-automation templates for
  anton-helm-workloads (staging + production)
- .woodpecker/container.yaml: arm64 build, three OCI tags per push
  (immutable 0.1.<pipeline> + floating <branch> + <branch>-latest)
- .ddev/: local dev with nginx proxy to emdash on :4321
- README/DEPLOYMENT/ARCHITECTURE/CLAUDE: docs covering the three-repo
  pipeline (cms-plugins + anton-helm-workloads + Gitea OCI registry)
2026-05-20 11:19:00 +03:00


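# Deployment for the cms-plugins application pod. Everything tunable comes
# from chart values; the template itself fixes only the replica count, the
# rollout strategy and the wiring of the secret and the state volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  # Templated scalars are quoted so a value that looks like a boolean or a
  # number is still rendered as a string.
  name: {{ include "cms-plugins.fullname" . | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "cms-plugins.labels" . | nindent 4 }}
spec:
  # SQLite is single-writer; do not scale beyond 1.
  replicas: 1
  # Recreate terminates the running pod before the replacement is created,
  # so two pods never run side by side during a rollout.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "cms-plugins.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "cms-plugins.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/version: {{ .Values.image.tag | quote }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Rendered only when .Values.podSecurityContext is set. The template
      # carries no hardening defaults of its own, so settings such as
      # runAsNonRoot or fsGroup have to come from values.
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: cms-plugins
          # When `image.digest` is provided, pin by digest so a floating
          # tag (staging, production) doesn't confuse Helm into a no-op
          # upgrade when the underlying image changes. A digest is also an
          # immutable reference, unlike a tag. With a digest set the tag is
          # left out of the image reference; it is still visible on the pod
          # through the app.kubernetes.io/version label above.
          image: "{{ .Values.image.repository }}{{- if .Values.image.digest -}}@{{ .Values.image.digest }}{{- else -}}:{{ .Values.image.tag }}{{- end }}"
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          # Rendered only when .Values.containerSecurityContext is set; as
          # with the pod-level context, allowPrivilegeEscalation,
          # readOnlyRootFilesystem and capabilities are whatever values say.
          {{- with .Values.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
          env:
            # Plain-text settings from values. Both name and value are
            # quoted so keys or values such as NO, on or 3.10 stay strings.
            # Credentials belong in the Secret referenced by envFrom below,
            # not in this map.
            {{- range $key, $val := .Values.env }}
            - name: {{ $key | quote }}
              value: {{ $val | quote }}
            {{- end }}
            # EMDASH_SITE_URL gates the CSRF check on plugin POST routes.
            # Astro inside the pod sees http://localhost:4321/, so without
            # this any browser request from https://<ingress.host>/ trips
            # the same-origin check. Derived from the ingress host so we
            # don't need to set it per-environment. The scheme is fixed to
            # https. If .Values.env also defines EMDASH_SITE_URL the name is
            # emitted twice in this list; set it in one place only.
            {{- if and .Values.ingress.enabled .Values.ingress.host }}
            - name: EMDASH_SITE_URL
              value: "https://{{ .Values.ingress.host }}"
            {{- end }}
          # Every key of the referenced Secret becomes an environment
          # variable of the container. The reference is not marked optional,
          # so the pod does not start when the Secret is missing. The name
          # falls back to "<fullname>-secrets" when existingSecret is unset.
          envFrom:
            - secretRef:
                name: {{ .Values.existingSecret | default (printf "%s-secrets" (include "cms-plugins.fullname" .)) | quote }}
          volumeMounts:
            - name: state
              mountPath: {{ .Values.persistence.mountPath | quote }}
          livenessProbe:
            httpGet:
              path: {{ .Values.probes.liveness.path | quote }}
              port: http
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
          readinessProbe:
            httpGet:
              path: {{ .Values.probes.readiness.path | quote }}
              port: http
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        # With persistence disabled the state volume is an emptyDir, so its
        # contents are lost whenever the pod is replaced.
        - name: state
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ printf "%s-state" (include "cms-plugins.fullname" .) | quote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}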