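{{- /*
Backend release manifests: JWT key Secret, environment Secret, nginx
ConfigMap, php-fpm + nginx Deployment, Service, optional Ingress, optional
migration Job (Argo CD PreSync hook) and one CronJob per enabled entry in
.Values.cronjobs.
*/ -}}
{{- if .Values.jwt.enabled }}
# JWT signing key pair, read from the chart's jwt/ directory at render time.
# The private key therefore has to be present in the chart package: keep it
# out of version control and out of published chart archives.
# NOTE(review): consider referencing an externally managed Secret instead.
# `required` makes rendering fail when a key file is absent, instead of
# silently emitting an empty Secret entry.
apiVersion: v1
kind: Secret
metadata:
  name: backend-jwt
  namespace: {{ .Values.namespace }}
type: Opaque
data:
  private.pem: {{ required "jwt/private.pem is missing from the chart" (.Files.Get "jwt/private.pem") | b64enc | quote }}
  public.pem: {{ required "jwt/public.pem is missing from the chart" (.Files.Get "jwt/public.pem") | b64enc | quote }}
---
{{- end }}
# Application environment, consumed through envFrom by php-fpm and
# warmup-cache. Rendered as a pre-install/pre-upgrade hook, so it is created
# before the Deployment and re-created on every upgrade.
# Values come from .Values.secrets, i.e. plaintext in whatever supplies the
# values; keep that source encrypted or outside version control.
apiVersion: v1
kind: Secret
metadata:
  name: backend-env
  namespace: {{ .Values.namespace }}
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-weight: "-10"
    helm.sh/hook-delete-policy: before-hook-creation
type: Opaque
stringData:
  {{- range $key, $val := .Values.secrets }}
  {{ $key }}: {{ $val | quote }}
  {{- end }}
---
# nginx front end for php-fpm on 127.0.0.1:9000 (same pod).
# Security-relevant parts of the server block below:
#   - only /index.php is passed to FastCGI, and that location is `internal`,
#     so it is reachable through the try_files fallback only;
#   - any other *.php request returns 404, so stray PHP files under
#     /app/public are never executed;
#   - HTTP_PROXY is blanked so a client "Proxy" header cannot become the
#     application's outbound proxy setting (httpoxy).
apiVersion: v1
kind: ConfigMap
metadata:
  name: backend-nginx-config
  namespace: {{ .Values.namespace }}
data:
  default.conf: |
    server {
        listen 8080;
        server_name _;
        root /app/public;
        index index.php;
        client_max_body_size 108M;

        location / {
            try_files $uri /index.php$is_args$args;
        }

        location ~* \.(?:jpg|jpeg|gif|png|ico|css|js|svg|woff2)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
            access_log off;
            try_files $uri =404;
        }

        location ~ ^/index\.php(/|$) {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            fastcgi_param HTTP_PROXY "";
            internal;
        }

        location ~ \.php$ {
            return 404;
        }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: {{ .Values.namespace }}
  labels:
    app: backend
    # NOTE(review): label is fixed to "test" while warmup-cache runs with
    # --env=prod; confirm which one is intended.
    env: test
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
        env: test
    spec:
      # NOTE(review): no pod or container securityContext is set, so the
      # images' default user and capabilities apply. Once the image users are
      # confirmed, consider runAsNonRoot, allowPrivilegeEscalation: false and
      # dropped capabilities; automountServiceAccountToken: false is worth
      # adding if the application does not call the Kubernetes API.
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: php-fpm
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - containerPort: 9000
              name: fpm
          envFrom:
            - secretRef:
                name: backend-env
          env:
            # Paths into the read-only jwt-keys Secret mount below.
            - name: JWT_SECRET_KEY
              value: /app/config/jwt/private.pem
            - name: JWT_PUBLIC_KEY
              value: /app/config/jwt/public.pem
            {{- range $key, $val := .Values.env }}
            - name: {{ $key }}
              value: {{ $val | quote }}
            {{- end }}
          volumeMounts:
            - name: app-public
              mountPath: /app/public
            - name: jwt-keys
              mountPath: /app/config/jwt
              readOnly: true
            - name: var-cache
              mountPath: /app/var/cache
            - name: var-log
              mountPath: /app/var/log
          resources:
            {{- toYaml .Values.resources.php | nindent 12 }}
        - name: nginx
          # Quoted like the php-fpm image so the value is always a string.
          image: {{ .Values.nginx.image | quote }}
          ports:
            - containerPort: 8080
              name: http
          volumeMounts:
            - name: app-public
              mountPath: /app/public
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
          resources:
            {{- toYaml .Values.resources.nginx | nindent 12 }}
      initContainers:
        # Warms the application cache into the shared var-cache volume.
        - name: warmup-cache
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["php", "bin/console", "cache:warmup", "--env=prod"]
          envFrom:
            - secretRef:
                name: backend-env
          env:
            - name: JWT_SECRET_KEY
              value: /app/config/jwt/private.pem
            - name: JWT_PUBLIC_KEY
              value: /app/config/jwt/public.pem
            {{- range $key, $val := .Values.env }}
            - name: {{ $key }}
              value: {{ $val | quote }}
            {{- end }}
          volumeMounts:
            - name: jwt-keys
              mountPath: /app/config/jwt
              readOnly: true
            - name: var-cache
              mountPath: /app/var/cache
            - name: var-log
              mountPath: /app/var/log
        # Copies the image's public assets into the emptyDir that nginx
        # serves read-only.
        - name: copy-public
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          # Same pull policy as the other containers using this image, so all
          # three resolve the tag the same way.
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["sh", "-c", "cp -a /app/public/. /public/"]
          volumeMounts:
            - name: app-public
              mountPath: /public
      volumes:
        - name: app-public
          emptyDir: {}
        - name: nginx-config
          configMap:
            name: backend-nginx-config
        # NOTE(review): mounted unconditionally, while the backend-jwt Secret
        # above is rendered only when .Values.jwt.enabled is set. With it
        # disabled the Secret has to be provisioned by other means, otherwise
        # the pod cannot start; confirm that this is the intent.
        - name: jwt-keys
          secret:
            secretName: backend-jwt
        - name: var-cache
          emptyDir: {}
        - name: var-log
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: backend
  namespace: {{ .Values.namespace }}
spec:
  selector:
    app: backend
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
{{- if .Values.ingress.enabled }}
# NOTE(review): no tls section is rendered, so this Ingress is plain HTTP
# unless TLS is terminated by the controller's defaults or upstream of it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend
  namespace: {{ .Values.namespace }}
spec:
  ingressClassName: {{ .Values.ingress.className }}
  rules:
    # Quoted so a wildcard host (leading "*") is not parsed as a YAML alias.
    - host: {{ .Values.ingress.host | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 80
{{- end }}
---
{{- if .Values.migrate.enabled }}
# Migration Job, run by Argo CD as a PreSync hook (sync wave -1) and replaced
# on each sync. The pod spec comes from the backend.migratePodSpec named
# template, which is defined outside this file.
apiVersion: batch/v1
kind: Job
metadata:
  name: backend-migrate
  namespace: {{ .Values.namespace }}
  labels:
    app: backend
    app.kubernetes.io/component: console
    app.kubernetes.io/part-of: backend
    app.kubernetes.io/name: backend-migrate
  annotations:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
    argocd.argoproj.io/sync-wave: "-1"
spec:
  template:
    metadata:
      labels:
        app: backend
        app.kubernetes.io/component: console
        app.kubernetes.io/name: backend-migrate
    spec:
      {{- include "backend.migratePodSpec" (dict "root" .) | nindent 6 }}
---
{{- end }}
{{- /*
One CronJob per enabled entry of .Values.cronjobs. Runs never overlap
(concurrencyPolicy: Forbid) and each run is capped by activeDeadlineSeconds
(default 3600). The pod spec comes from the backend.consolePodSpec named
template, which is defined outside this file.
*/}}
{{- range .Values.cronjobs }}
{{- if .enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: backend-{{ .name }}
  namespace: {{ $.Values.namespace }}
  labels:
    app: backend
    app.kubernetes.io/component: console
    app.kubernetes.io/part-of: backend
    app.kubernetes.io/name: backend-{{ .name }}
spec:
  schedule: {{ .schedule | quote }}
  timeZone: {{ $.Values.cronJobTimeZone | quote }}
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      activeDeadlineSeconds: {{ .activeDeadlineSeconds | default 3600 }}
      template:
        metadata:
          labels:
            app: backend
            app.kubernetes.io/component: console
            app.kubernetes.io/name: backend-{{ .name }}
        spec:
          {{- include "backend.consolePodSpec" (dict "root" $ "job" .) | nindent 10 }}
---
{{- end }}
{{- end }}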