lcy
/
truenas


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
							{{- define "npm.workload" -}}
workload:
  npm:
    enabled: true
    primary: true
    type: Deployment
    podSpec:
      hostNetwork: false
      securityContext:
        fsGroup: 1000
      containers:
        npm:
          enabled: true
          primary: true
          imageSelector: image
          securityContext:
            runAsUser: 0
            runAsGroup: 0
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            capabilities:
              add:
                # Needed for: s6-applyuidgid: fatal: unable to setuid: Operation not permitted
                - SETUID
                # Needed for: s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted
                - SETGID
                # Needed for: Used in some s6-overlay startup scripts
                - CHOWN
                - DAC_OVERRIDE
                # Needed for: Nginx Service
                - FOWNER
          fixedEnv:
            # FIXME: Revisit once upstream irons out some issues in regarids with PUID.
            # Make sure 568 PUID works before exposing
            PUID: 1000
          env:
            DISABLE_IPV6: true
            DB_SQLITE_FILE: /data/database.sqlite
          {{ with .Values.npmConfig.additionalEnvs }}
            {{ range $env := . }}
            {{ $env.name }}: {{ $env.value }}
            {{ end }}
          {{ end }}
          probes:
            liveness:
              enabled: true
              type: exec
              command: /bin/check-health
            readiness:
              enabled: true
              type: exec
              command: /bin/check-health
            startup:
              enabled: true
              type: exec
              command: /bin/check-health
{{/* Service */}}
service:
  npm:
    enabled: true
    primary: true
    type: NodePort
    targetSelector: npm
    ports:
      webui:
        enabled: true
        primary: true
        port: {{ .Values.npmNetwork.webPort }}
        nodePort: {{ .Values.npmNetwork.webPort }}
        targetPort: 81
        targetSelector: npm
      http:
        enabled: true
        port: {{ .Values.npmNetwork.httpPort }}
        nodePort: {{ .Values.npmNetwork.httpPort }}
        targetPort: 80
        targetSelector: npm
      https:
        enabled: true
        port: {{ .Values.npmNetwork.httpsPort }}
        nodePort: {{ .Values.npmNetwork.httpsPort }}
        targetPort: 443
        targetSelector: npm

{{/* Persistence */}}
persistence:
  data:
    enabled: true
    type: {{ .Values.npmStorage.data.type }}
    datasetName: {{ .Values.npmStorage.data.datasetName | default "" }}
    hostPath: {{ .Values.npmStorage.data.hostPath | default "" }}
    targetSelector:
      npm:
        npm:
          mountPath: /data
  certs:
    enabled: true
    type: {{ .Values.npmStorage.certs.type }}
    datasetName: {{ .Values.npmStorage.certs.datasetName | default "" }}
    hostPath: {{ .Values.npmStorage.certs.hostPath | default "" }}
    targetSelector:
      npm:
        npm:
          mountPath: /etc/letsencrypt
{{- end -}}