infra4talos/apps-helm/samba4/templates/deployment.yaml

218 lines
8.1 KiB
YAML
Raw Normal View History

{{ $smbconfchecksum := tpl (.Files.Get "conf/smb.conf") . | sha256sum -}}
{{ $userschecksum := include "userstocreate" . | sha256sum -}}
{{ $scriptchecksum := tpl (.Files.Get "scripts/k8s.sh") . | sha256sum -}}
{{ $fullName := include "samba4.fullname" . }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
app.kubernetes.io/name: {{ include "samba4.name" . }}
helm.sh/chart: {{ include "samba4.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
checksum/smbconf: {{ $smbconfchecksum }}
checksum/users: {{ $userschecksum }}
{{ if .Values.image.lacksK8sScript -}}
checksum/script: {{ $scriptchecksum }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "samba4.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "samba4.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
checksum/smbconf: {{ $smbconfchecksum }}
checksum/users: {{ $userschecksum }}
{{- if .Values.image.lacksK8sScript }}
checksum/script: {{ $scriptchecksum }}
{{- end }}
spec:
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- if .Values.persistence.combineShares }}
- name: overlaymagic
image: busybox
securityContext:
privileged: true
command:
- /bin/sh
- -c
- --
args:
{{- range .Values.persistence.sharesToCombine }}
- mkdir -p /combined/{{ .destName }};
mkdir -p /data/overlay-{{ .destName }}-upper;
mkdir -p /data/overlay-{{ .destName }}-work;
mount -t overlay -o lowerdir=/extras/{{ join ":/extras/" .shares }},upperdir=/data/overlay-{{ .destName }}-upper,workdir=/data/overlay-{{ .destName }}-work overlay /combined/{{ .destName }};
{{- end }}
touch /combined/overlays-mounted; sleep infinity;
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- {{ range .Values.persistence.sharesToCombine }}umount /combined/{{ .destName }}; {{- end }}
volumeMounts:
- mountPath: /data
name: data
{{- range .Values.persistence.extraPVCShares }}
- mountPath: /extras/{{ .name }}
name: {{ .name }}
{{- end }}
- mountPath: /combined
mountPropagation: Bidirectional
name: combined
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command:
- /bin/sh
- -c
- {{ if .Values.persistence.combineShares }}until [ -f /combined/overlays-mounted ]; do sleep 5; done; {{ end }}cd /scripts ; sh ./k8s.sh
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: cifs
containerPort: 445
protocol: TCP
{{- if .Values.livenessProbe.enabled | default true }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- {{ .Values.livenessProbe.command | default "echo | smbclient -L 127.0.0.1" | quote }}
{{- end }}
readinessProbe:
tcpSocket:
port: cifs
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- if .Values.image.lacksK8sScript }}
- mountPath: /configmaps/scripts
name: scripts
{{- end }}
- mountPath: /secrets
name: users
- mountPath: /etc/samba/smb.conf
name: smbconf
subPath: smb.conf
- mountPath: /data
name: data
{{- range .Values.persistence.extraPVCShares }}
- mountPath: /extras/{{ .name }}
name: {{ .name }}
{{- end }}
- mountPath: /privatepersist
name: private
- mountPath: /combined
name: combined
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{ if .Values.image.lacksK8sScript -}}
- name: scripts
configMap:
name: {{ $fullName }}-packagescripts
defaultMode: 0555
items:
- key: k8s.sh
path: k8s.sh
{{- end }}
- name: smbconf
configMap:
name: {{ $fullName }}-smbconf
defaultMode: 0644
items:
- key: smb.conf
path: smb.conf
- name: users
secret:
secretName: {{ $fullName }}-users
defaultMode: 0600
- name: data
{{ if .Values.persistence.enabled -}}
{{ if eq .Values.persistence.type "pvc" }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.pvc.existingClaim }}{{ .Values.persistence.pvc.existingClaim }}{{- else }}{{ template "samba4.fullname" . }}-data{{- end }}
{{ else if eq .Values.persistence.type "flexVolume" }}
#{{ required "A valid flexVolume block is required when using flexVolume persistence!" .Values.persistence.flexVolume }}
flexVolume:
{{ .Values.persistence.flexVolume | toYaml | indent 10 }}
{{- else if eq .Values.persistence.type "hostPath" }}
#{{ required "A valid hostPath.path is required when using hostPath persistence!" .Values.persistence.hostPath.path }}
hostPath:
path: {{ .Values.persistence.hostPath.path }}
{{ if .Values.persistence.hostPath.type -}}
type: {{ .Values.persistence.hostPath.type }}
{{ end -}}
{{ else if eq .Values.persistence.type "other" -}}
#{{ required "A valid other block is required when using flexVolume persistence!" .Values.persistence.other }}
{{ .Values.persistence.other | toYaml | indent 8 }}
{{ else -}}
{{ fail "if persistence is enabled, persistence.type must be one of 'pvc','flexVolume','hostPath' or 'other'!" }}
{{ end -}}
{{ else }}
emptyDir: {}
{{ end }}
- name: private
{{ if .Values.privatePersistence.enabled -}}
{{- $p := .Values.persistence -}}
{{- $pp := .Values.privatePersistence -}}
{{- if eq ($pp.type | default $p.type) "pvc" }}
persistentVolumeClaim:
claimName: {{ if $pp.pvc.existingClaim }}{{ $pp.pvc.existingClaim }}{{- else }}{{ template "samba4.fullname" . }}-private{{- end }}
{{ else if eq ($pp.type | default $p.type) "flexVolume" }}
#{{ required "A valid flexVolume block is required when using hostPath persistence!" $pp.flexVolume }}
flexVolume:
{{ $pp.flexVolume | toYaml | indent 10 }}
{{ else if eq ($pp.type | default $p.type) "hostPath" }}
#{{ required "A valid flexVolume block is required when using flexVolume persistence!" .Values.privatePersistence.flexVolume }}
hostPath:
path: {{ if .Values.privatePersistence.hostPath.path }}{{ .Values.privatePersistence.hostPath.path }}{{ else }}{{ .Values.persistence.hostPath.path }}/.smbprivate/{{ end }}
{{ if .Values.privatePersistence.hostPath.type -}}
type: {{ $pp.hostPath.type | $p.hostPath.type | default "Directory" | quote }}
{{ end -}}
{{ else if eq ($pp.type | default $p.type) "other" -}}
#{{ required "A valid other block is required when using flexVolume persistence!" .Values.privatePersistence.other }}
{{ $pp.other | toYaml | indent 8 }}
{{ else -}}
{{ fail "if privatePersistence is enabled, privatePersistence.type must be one of 'pvc','flexVolume','hostPath' or 'other'!" }}
{{ end -}}
{{ else }}
emptyDir: {}
{{ end -}}
{{ if .Values.persistence.enabled }}
{{- range .Values.persistence.extraPVCShares }}
- name: {{ .name }}
persistentVolumeClaim:
claimName: {{ $fullName }}-{{ .name }}
{{- end }}
{{ end -}}
{{ if .Values.persistence.combineShares }}
- name: combined
emptyDir: {}
{{ end -}}