{{- if .Values.jwt.enabled }} apiVersion: v1 kind: Secret metadata: name: backend-jwt namespace: {{ .Values.namespace }} type: Opaque data: private.pem: {{ .Files.Get "jwt/private.pem" | b64enc }} public.pem: {{ .Files.Get "jwt/public.pem" | b64enc }} --- {{- end }} apiVersion: v1 kind: Secret metadata: name: backend-env namespace: {{ .Values.namespace }} annotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-weight: "-10" helm.sh/hook-delete-policy: before-hook-creation type: Opaque stringData: {{- range $key, $val := .Values.secrets }} {{ $key }}: {{ $val | quote }} {{- end }} --- apiVersion: v1 kind: ConfigMap metadata: name: backend-nginx-config namespace: {{ .Values.namespace }} data: default.conf: | server { listen 8080; server_name _; root /app/public; index index.php; client_max_body_size 108M; location / { try_files $uri /index.php$is_args$args; } location ~* \.(?:jpg|jpeg|gif|png|ico|css|js|svg|woff2)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; try_files $uri =404; } location ~ ^/index\.php(/|$) { fastcgi_pass 127.0.0.1:9000; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param HTTP_PROXY ""; internal; } location ~ \.php$ { return 404; } } --- apiVersion: apps/v1 kind: Deployment metadata: name: backend namespace: {{ .Values.namespace }} labels: app: backend env: test spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: backend template: metadata: labels: app: backend env: test spec: containers: - name: php-fpm image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 9000 name: fpm envFrom: - secretRef: name: backend-env env: - name: JWT_SECRET_KEY value: /app/config/jwt/private.pem - name: JWT_PUBLIC_KEY value: /app/config/jwt/public.pem {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }} volumeMounts: - name: app-public mountPath: /app/public - name: jwt-keys mountPath: /app/config/jwt readOnly: true resources: {{- toYaml .Values.resources.php | nindent 12 }} - name: nginx image: {{ .Values.nginx.image }} ports: - containerPort: 8080 name: http volumeMounts: - name: app-public mountPath: /app/public readOnly: true - name: nginx-config mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf resources: {{- toYaml .Values.resources.nginx | nindent 12 }} initContainers: - name: copy-public image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: ["sh", "-c", "cp -a /app/public/. /public/"] volumeMounts: - name: app-public mountPath: /public volumes: - name: app-public emptyDir: {} - name: nginx-config configMap: name: backend-nginx-config - name: jwt-keys secret: secretName: backend-jwt --- apiVersion: v1 kind: Service metadata: name: backend namespace: {{ .Values.namespace }} spec: selector: app: backend ports: - name: http port: 80 targetPort: 8080 --- {{- if .Values.ingress.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: backend namespace: {{ .Values.namespace }} spec: ingressClassName: {{ .Values.ingress.className }} rules: - host: {{ .Values.ingress.host }} http: paths: - path: / pathType: Prefix backend: service: name: backend port: number: 80 {{- end }} --- {{- if .Values.migrate.enabled }} apiVersion: batch/v1 kind: Job metadata: name: backend-migrate namespace: {{ .Values.namespace }} annotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-weight: "0" helm.sh/hook-delete-policy: before-hook-creation spec: template: spec: restartPolicy: Never containers: - name: migrate image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: ["php", "bin/console", "doctrine:migrations:migrate", "--no-interaction"] envFrom: - secretRef: name: backend-env env: {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }} {{- end }} --- {{- if .Values.cronjobs.clearScheduleCache.enabled }} apiVersion: batch/v1 kind: CronJob metadata: name: backend-clear-schedule-cache namespace: {{ .Values.namespace }} spec: schedule: {{ .Values.cronjobs.clearScheduleCache.schedule | quote }} concurrencyPolicy: Forbid successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 jobTemplate: spec: activeDeadlineSeconds: 3600 template: spec: restartPolicy: OnFailure containers: - name: console image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: {{ .Values.cronjobs.clearScheduleCache.command | toJson }} envFrom: - secretRef: name: backend-env env: {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }} {{- end }}