infra4talos/apps-helm/code-server/templates/deployment.yaml

{{ $secretName :=  include "code-server.fullname" . }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "code-server.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "code-server.name" . }}
    helm.sh/chart: {{ include "code-server.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "code-server.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "code-server.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
      {{- if .Values.hostnameOverride }}
      hostname: {{ .Values.hostnameOverride }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      {{- if .Values.securityContext.enabled }}
      securityContext:
        fsGroup: {{ .Values.securityContext.fsGroup }}
      {{- end }}
      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
      initContainers:
      - name: init-chmod-data
        image: busybox:latest
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/coder            
        securityContext:
          runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
        volumeMounts:
        - name: data
          mountPath: /home/coder
{{- if .Values.extraInitContainers }}
{{ tpl .Values.extraInitContainers . | indent 6}}
{{- end }}
      {{- end }}
      containers:
{{- if .Values.extraContainers }}
{{ tpl .Values.extraContainers . | indent 8}}
{{- end }}
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.securityContext.enabled }}
          securityContext:
            runAsUser: {{ .Values.securityContext.runAsUser }}
          {{- end }}
          {{- if .Values.lifecycle.enabled }}
          lifecycle:
            {{- if .Values.lifecycle.postStart }}
            postStart:
              {{ toYaml .Values.lifecycle.postStart | nindent 14 }}
            {{- end }}
            {{- if .Values.lifecycle.preStop }}
            preStop:
              {{ toYaml .Values.lifecycle.preStop | nindent 14 }}
            {{- end }}
          {{- end }}
          env:
        {{- if .Values.extraVars }}
{{ toYaml .Values.extraVars | indent 10 }}
        {{- end }}
          - name: PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ .Values.secret.secretName | default $secretName }}
                key: {{ .Values.secret.passwordField | default "password" }}
        {{- if .Values.extraArgs }}
          args:
{{ toYaml .Values.extraArgs | indent 10 }}
        {{- end }}
          volumeMounts:
          - name: data
            mountPath: /home/coder
          {{- range .Values.extraConfigmapMounts }}
          - name: {{ .name }}
            mountPath: {{ .mountPath }}
            subPath: {{ .subPath | default "" }}
            readOnly: {{ .readOnly }}
          {{- end }}
          {{- range .Values.extraSecretMounts }}
          - name: {{ .name }}
            mountPath: {{ .mountPath }}
            readOnly: {{ .readOnly }}
          {{- end }}
          {{- range .Values.extraVolumeMounts }}
          - name: {{ .name }}
            mountPath: {{ .mountPath }}
            subPath: {{ .subPath | default "" }}
            readOnly: {{ .readOnly }}
          {{- end }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- tpl . $ | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "code-server.serviceAccountName" . }}
      volumes:
      - name: data
      {{- if .Values.persistence.enabled }}
        {{- if not .Values.persistence.hostPath }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.existingClaim | default (include "code-server.fullname" .) }}
        {{- else }}
        hostPath:
          path: {{ .Values.persistence.hostPath }}
          type: Directory
        {{- end -}}
      {{- else }}
        emptyDir: {}
      {{- end -}}
      {{- range .Values.extraSecretMounts }}
      - name: {{ .name }}
        secret:
          secretName: {{ .secretName }}
          defaultMode: {{ .defaultMode }}
      {{- end }}
      {{- range .Values.extraConfigmapMounts }}
      - name: {{ .name }}
        configMap:
          name: {{ .configMap }}
          defaultMode: {{ .defaultMode }}
      {{- end }}
      {{- range .Values.extraVolumeMounts }}
      - name: {{ .name }}
        {{- if .existingClaim }}
        persistentVolumeClaim:
          claimName: {{ .existingClaim }}
        {{- else }}
        hostPath:
          path: {{ .hostPath }}
          type: Directory
        {{- end }}
      {{- end }}