template/deployments/kustomize/base/deployment.yaml (117 lines of code) (raw):
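# Kubernetes Deployment written as a Go template. Each template action reads a
# value through .Config.GetVariableValue, and the rendered text is then parsed
# as YAML.
# String-typed fields are quoted so that a value such as "true" or "123" stays
# a string after rendering. Ports and probe timings are left unquoted on
# purpose so that they render as integers.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Config.GetVariableValue "APPNAME" }}"
  labels:
    app.kubernetes.io/name: "{{ .Config.GetVariableValue "APPNAME" }}"
    kubernetes.azure.com/generator: "{{ .Config.GetVariableValue "GENERATORLABEL" }}"
  namespace: "{{ .Config.GetVariableValue "NAMESPACE" }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: "{{ .Config.GetVariableValue "APPNAME" }}"
  template:
    metadata:
      labels:
        app.kubernetes.io/name: "{{ .Config.GetVariableValue "APPNAME" }}"
        # The workload-identity label and the serviceAccountName below are
        # both rendered only when ENABLEWORKLOADIDENTITY is the string "true".
        {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
        azure.workload.identity/use: "true"
        {{- end }}
    spec:
      {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
      serviceAccountName: "{{ .Config.GetVariableValue "SERVICEACCOUNT" }}"
      {{- end }}
      containers:
        - name: "{{ .Config.GetVariableValue "APPNAME" }}"
          # Tag-based image reference: the tag is resolved at pull time, so
          # pin a digest in an overlay where a fixed image is required.
          image: "{{ .Config.GetVariableValue "IMAGENAME" }}:{{ .Config.GetVariableValue "IMAGETAG" }}"
          imagePullPolicy: "{{ .Config.GetVariableValue "IMAGEPULLPOLICY" }}"
          ports:
            - containerPort: {{ .Config.GetVariableValue "PORT" }}
          resources:
            requests:
              cpu: "{{ .Config.GetVariableValue "CPUREQ" }}"
              memory: "{{ .Config.GetVariableValue "MEMREQ" }}"
            limits:
              cpu: "{{ .Config.GetVariableValue "CPULIMIT" }}"
              memory: "{{ .Config.GetVariableValue "MEMLIMIT" }}"
          envFrom:
            - configMapRef:
                name: "{{ .Config.GetVariableValue "APPNAME" | printf "%s-config" }}"
            # optional: true lets the pod start when the Secret does not
            # exist; the container then runs without those variables.
            - secretRef:
                name: "{{ .Config.GetVariableValue "ENVSECRETREF" }}"
                optional: true
          # All three probes share PROBETYPE, PROBEHTTPPATH and PORT. When
          # PROBETYPE is neither "httpGet" nor "tcpSocket" no handler is
          # rendered; the readiness and startup probes would then carry only
          # timing fields.
          # NOTE(review): confirm PROBETYPE is validated before rendering.
          livenessProbe:
            {{- if eq (.Config.GetVariableValue "PROBETYPE") "httpGet" }}
            httpGet:
              path: {{ .Config.GetVariableValue "PROBEHTTPPATH" }}
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- else if eq (.Config.GetVariableValue "PROBETYPE") "tcpSocket" }}
            tcpSocket:
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- end }}
          readinessProbe:
            {{- if eq (.Config.GetVariableValue "PROBETYPE") "httpGet" }}
            httpGet:
              path: {{ .Config.GetVariableValue "PROBEHTTPPATH" }}
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- else if eq (.Config.GetVariableValue "PROBETYPE") "tcpSocket" }}
            tcpSocket:
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- end }}
            periodSeconds: {{ .Config.GetVariableValue "READINESSPERIOD" }}
            timeoutSeconds: {{ .Config.GetVariableValue "READINESSTIMEOUT" }}
            failureThreshold: {{ .Config.GetVariableValue "READINESSFAILURETHRESHOLD" }}
            successThreshold: {{ .Config.GetVariableValue "READINESSSUCCESSTHRESHOLD" }}
            initialDelaySeconds: {{ .Config.GetVariableValue "READINESSINITIALDELAY" }}
          startupProbe:
            {{- if eq (.Config.GetVariableValue "PROBETYPE") "httpGet" }}
            httpGet:
              path: {{ .Config.GetVariableValue "PROBEHTTPPATH" }}
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- else if eq (.Config.GetVariableValue "PROBETYPE") "tcpSocket" }}
            tcpSocket:
              port: {{ .Config.GetVariableValue "PORT" }}
            {{- end }}
            periodSeconds: {{ .Config.GetVariableValue "STARTUPPERIOD" }}
            timeoutSeconds: {{ .Config.GetVariableValue "STARTUPTIMEOUT" }}
            failureThreshold: {{ .Config.GetVariableValue "STARTUPFAILURETHRESHOLD" }}
            successThreshold: {{ .Config.GetVariableValue "STARTUPSUCCESSTHRESHOLD" }}
            initialDelaySeconds: {{ .Config.GetVariableValue "STARTUPINITIALDELAY" }}
          # Container hardening: the runtime's default seccomp profile, and
          # every capability dropped before the list below is added back.
          # The add list is broad. SYS_PTRACE permits tracing other processes
          # the container can see, and DAC_OVERRIDE, SETUID and SETGID bypass
          # file-permission checks or allow identity changes. Trim the list
          # to what the workload actually needs.
          # NOTE(review): allowPrivilegeEscalation, runAsNonRoot and
          # readOnlyRootFilesystem are not set in this file; confirm they are
          # enforced by an overlay or an admission policy.
          securityContext:
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
              add:
                - SETPCAP
                - MKNOD
                - AUDIT_WRITE
                - CHOWN
                - DAC_OVERRIDE
                - FOWNER
                - FSETID
                - KILL
                - SETGID
                - SETUID
                - NET_BIND_SERVICE
                - SYS_CHROOT
                - SETFCAP
                - SYS_PTRACE
      # Soft placement rules: prefer to keep pods of this app on different
      # nodes, but still schedule when that cannot be satisfied.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: "{{ .Config.GetVariableValue "APPNAME" }}"
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: "{{ .Config.GetVariableValue "APPNAME" }}"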