apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "janus-backstage.fullname" . }} labels: {{- include "janus-backstage.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: {{- include "janus-backstage.selectorLabels" . | nindent 6 }} template: metadata: labels: {{- include "janus-backstage.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "janus-backstage.serviceAccountName" . }} containers: {{- if .Values.oauth.enabled }} - name: {{ include "janus-backstage.oauthProxy.name" . }} env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }} key: rhsso.clientId - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }} key: rhsso.clientSecret - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }} key: oauth.cookieSecret - name: OAUTH2_PROXY_OIDC_ISSUER_URL value: {{ include "janus-backstage.rhsso.issuerUrl" . }} {{- if .Values.oauth.insecure }} - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY value: "true" {{- end }} ports: - containerPort: {{ .Values.oauth.port }} protocol: TCP imagePullPolicy: {{ .Values.oauth.image.pullPolicy }} image: "{{ .Values.oauth.image.repository }}:{{ .Values.oauth.image.tag }}" args: - '--provider=oidc' - '--email-domain=*' - '--upstream=http://localhost:{{ .Values.backstage.port }}' - '--http-address=0.0.0.0:{{ .Values.oauth.port }}' - '--skip-provider-button' {{- end }} - name: {{ .Chart.Name }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - node - packages/backend - --config - /config/app-config.yaml {{- if .Values.additionalConfig }} - --config - /config/additional-config.yaml {{- end }} env: {{- if .Values.postgres.storage.enabled }} - name: POSTGRES_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "janus-backstage.postgresql.name" . }} key: databasePassword - name: POSTGRES_HOST valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }}-postgresql key: databaseHost - name: POSTGRES_USER valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }}-postgresql key: databaseUser - name: POSTGRES_PORT valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }}-postgresql key: databasePort {{- end }} {{- if .Values.rhsso.backstagePluginEnabled }} - name: "APP_CONFIG_catalog_providers_keycloakOrg_default_baseUrl" value: {{ required "RHSSO BaseUrl is Required" .Values.rhsso.baseUrl }} - name: "APP_CONFIG_catalog_providers_keycloakOrg_default_loginRealm" value: {{ required "RHSSO Realm is Required" .Values.rhsso.realm }} - name: "APP_CONFIG_catalog_providers_keycloakOrg_default_realm" value: {{ required "RHSSO Realm is Required" .Values.rhsso.realm }} - name: "APP_CONFIG_catalog_providers_keycloakOrg_default_clientId" valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }} key: rhsso.clientId - name: "APP_CONFIG_catalog_providers_keycloakOrg_default_clientSecret" valueFrom: secretKeyRef: name: {{ include "janus-backstage.fullname" . }} key: rhsso.clientSecret {{- end }} {{- if .Values.backstage.tlsInsecure }} - name: "NODE_TLS_REJECT_UNAUTHORIZED" value: "0" {{- end }} {{- if .Values.argocd.enabled }} - name: "ARGOCD_AUTH_TOKEN" value: "argocd.token={{ .Values.argocd.token }}" {{- end }} ports: - name: http containerPort: {{ .Values.backstage.port }} protocol: TCP livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: janus-config readOnly: true mountPath: /config volumes: - name: janus-config secret: secretName: janus-config defaultMode: 420