PSA/helm/templates/deployment.yaml.bak

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "sebastian.fullname" . }}
  namespace: {{ include "sebastian.namespace" . }}
  labels:
    {{- include "sebastian.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.server.replicaCount }}
  selector:
    matchLabels:
      {{- include "sebastian.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "sebastian.selectorLabels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      strategy:
        type: Recreate    
      {{- if .Values.server.image.is_private }}
      imagePullSecrets:
        - name: "{{ .Values.server.image.credentials }}"
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      volumes:
        {{- if .Values.server.persistence.enabled }}
        - name: storage-volume
          {{- if .Values.server.persistence.existingClaim }}
          persistentVolumeClaim:
            claimName: {{ .Values.server.persistence.existingClaim }}
          {{- else }}
          persistentVolumeClaim:
            claimName: {{ include "sebastian.fullname" . }}-storage
          {{- end }}
        {{- end }}        
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.server.image.name }}:{{ .Values.server.image.tag }}"
          command: ["./entrypoint.sh"]
          imagePullPolicy: {{ .Values.server.pullPolicy }}
          env:
          # ----------- APP ----------------
          - name: VERSION
            value: "{{ .Values.version }}"
          - name: APP_NAME
            value: "{{ .Values.nameOverride }}"
          - name: APP_ENV
            value: "{{ .Values.env }}"
          - name: NODE_ENV
            value: "{{ .Values.env }}"
          - name: HOST
            value: "{{ .Values.host }}"
          - name: VERIFY_EMAIL_ENABLED
            value: "{{ .Values.server.verify_email}}"

          # ----------- REDIS ----------------
          {{- if .Values.redis.enabled }}
          - name: REDIS_HOST
            value: "redis.{{ .Values.namespace }}.svc.cluster.local"
          - name: REDIS_PORT
            value: "6379"
          - name: REDIS_DB
            value: "0"
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: redis-credentials
                key: REDIS_PASSWORD
          {{- else }}
          - name: REDIS_HOST
            value: "{{ .Values.config.redis.host }}.{{ .Values.namespace }}.svc.cluster.local"
          - name: REDIS_PORT
            value: "{{ .Values.config.redis.port }}"
          - name: REDIS_DB
            value: "{{ .Values.config.redis.db }}"
          - name: REDIS_PASSWORD
            value: "{{ .Values.config.redis.password }}"
          {{- end }}

          # ----------- DB ----------------
          {{- if .Values.db.enabled }}
          - name: DB_TYPE
            value: "postgres"
          - name: DB_HOST
            value: "db.{{ .Values.namespace }}.svc.cluster.local"
          - name: DB_USER_SERVER
            value: "app_user"
          - name: DB_PORT
            value: "5432"
          - name: DB_NAME_SERVER
            value: "server"
          - name: DB_USER_ADMIN
            value: "postgres"
          - name: DB_PASSWORD_ADMIN
            valueFrom:
              secretKeyRef:
                name: db-credentials
                key: DB_PASSWORD_SUPERUSER
          - name: DB_PASSWORD_SUPERUSER
            valueFrom:
              secretKeyRef:
                name: db-credentials
                key: DB_PASSWORD_SUPERUSER                
          - name: DB_PASSWORD_SERVER
            valueFrom:
              secretKeyRef:
                name: db-credentials
                key: DB_PASSWORD_SERVER
          {{- else }}
          - name: DB_TYPE
            value: "postgres"          
          - name: DB_HOST
            value: "{{ .Values.config.db.host }}"
          - name: DB_USER_SERVER
            value: "{{ .Values.config.db.user }}"          
          - name: DB_USER_ADMIN
            value: "postgres"
          - name: DB_PORT
            value: "{{ .Values.config.db.port }}"
          - name: DB_NAME_SERVER
            value: "{{ .Values.config.db.server_database }}"
          - name: DB_PASSWORD_ADMIN
            {{- if and .Values.config.db.server_password_admin_secret.name .Values.config.db.server_password_admin_secret.key }}
            valueFrom:
              secretKeyRef:
                name: {{ .Values.config.db.server_password_admin_secret.name | quote }}
                key: {{ .Values.config.db.server_password_admin_secret.key | quote }}
                namespace: {{ .Values.config.db.server_password_admin_secret.namespace | quote }}
            {{- else }}
            value: {{ .Values.config.db.server_admin_password | quote }}
            {{- end }}
          - name: DB_PASSWORD_SERVER
            {{- if and .Values.config.db.server_password_secret.name .Values.config.db.server_password_secret.key }}
            valueFrom:
              secretKeyRef:
                name: {{ .Values.config.db.server_password_secret.name | quote }}
                key: {{ .Values.config.db.server_password_secret.key | quote }}
                namespace: {{ .Values.config.db.server_password_admin_secret.namespace | quote }}
            {{- else }}
            value: {{ .Values.config.db.server_password | quote }}
            {{- end }}
          {{- end }}

          # ----------- STORAGE ----------------
          # Local Storage Provider (Community Edition)
          {{- if not .Values.config.storage.providers.s3.enabled }}
          - name: STORAGE_DEFAULT_PROVIDER
            value: "local"
          - name: STORAGE_LOCAL_BASE_PATH
            value: "{{ .Values.config.storage.providers.local.base_path | default "/data/files" }}"
          - name: STORAGE_LOCAL_MAX_FILE_SIZE
            value: "{{ .Values.config.storage.providers.local.max_file_size | default "\"104857600\"" }}"
          - name: STORAGE_LOCAL_ALLOWED_MIME_TYPES
            value: "{{ join "," .Values.config.storage.providers.local.allowed_mime_types | default "image/*,application/pdf,text/plain" }}"
          - name: STORAGE_LOCAL_RETENTION_DAYS
            value: "{{ .Values.config.storage.providers.local.retention_days | default "30" }}"
          {{- end }}

          # S3 Storage Provider (Enterprise Edition)
          {{- if .Values.config.storage.providers.s3.enabled }}
          - name: STORAGE_DEFAULT_PROVIDER
            value: "s3"
          - name: STORAGE_S3_REGION
            value: "{{ .Values.config.storage.providers.s3.region }}"
          - name: STORAGE_S3_BUCKET
            value: "{{ .Values.config.storage.providers.s3.bucket }}"
          - name: STORAGE_S3_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: storage-credentials
                key: S3_ACCESS_KEY
          - name: STORAGE_S3_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: storage-credentials
                key: S3_SECRET_KEY
          {{- if .Values.config.storage.providers.s3.endpoint }}
          - name: STORAGE_S3_ENDPOINT
            value: "{{ .Values.config.storage.providers.s3.endpoint }}"
          {{- end }}
          - name: STORAGE_S3_MAX_FILE_SIZE
            value: "{{ .Values.config.storage.providers.s3.max_file_size | default "104857600" }}"
          - name: STORAGE_S3_ALLOWED_MIME_TYPES
            value: "{{ join "," .Values.config.storage.providers.s3.allowed_mime_types | default "image/*,application/pdf,text/plain" }}"
          - name: STORAGE_S3_RETENTION_DAYS
            value: "{{ .Values.config.storage.providers.s3.retention_days | default "30" }}"
          {{- end }}

          # ----------- STORAGE UPLOAD ----------------
          - name: STORAGE_UPLOAD_TEMP_DIR
            value: "{{ .Values.config.storage.upload.temp_dir }}"
          - name: STORAGE_UPLOAD_MAX_CONCURRENT
            value: "{{ .Values.config.storage.upload.max_concurrent }}"
          - name: STORAGE_UPLOAD_CHUNK_SIZE
            value: "{{ .Values.config.storage.upload.chunk_size }}"

          # ----------- STORAGE BACKUP ----------------
          {{- if .Values.config.storage.backup.enabled }}
          - name: STORAGE_BACKUP_ENABLED
            value: "true"
          - name: STORAGE_BACKUP_SCHEDULE
            value: "{{ .Values.config.storage.backup.schedule }}"
          - name: STORAGE_BACKUP_RETENTION_DAYS
            value: "{{ .Values.config.storage.backup.retention.days }}"
          - name: STORAGE_BACKUP_RETENTION_COPIES
            value: "{{ .Values.config.storage.backup.retention.copies }}"
          {{- end }}

          # ----------- LOGGING ----------------
          - name: LOG_LEVEL
            value: "{{ .Values.logging.level }}"
          - name: LOG_IS_FORMAT_JSON
            value: "{{ .Values.logging.is_format_json }}"
          - name: LOG_IS_FULL_DETAILS
            value: "{{ .Values.logging.is_full_details }}"
          - name: LOG_ENABLED_FILE_LOGGING
            value: "{{ .Values.logging.file.enabled }}"
          - name: LOG_DIR_PATH
            value: "{{ .Values.logging.file.path }}"
          - name: LOG_ENABLED_EXTERNAL_LOGGING
            value: "{{ .Values.logging.external.enabled }}"
          - name: LOG_EXTERNAL_HTTP_HOST
            value: "{{ .Values.logging.external.host }}"
          - name: LOG_EXTERNAL_HTTP_PORT
            value: "{{ .Values.logging.external.port }}"
          - name: LOG_EXTERNAL_HTTP_PATH
            value: "{{ .Values.logging.external.path }}"
          - name: LOG_EXTERNAL_HTTP_LEVEL
            value: "{{ .Values.logging.external.level }}"
          - name: LOG_EXTERNAL_HTTP_TOKEN
            value: "{{ .Values.logging.external.token }}"

          # ----------- HOCUPOCUS ----------------
          - name: HOCUSPOCUS_URL
            value: "ws://houcspocus.{{ .Values.namespace }}.svc.cluster.local:{{ .Values.hocuspocus.service.port }}"

          # ----------- EMAIL ----------------
          - name: EMAIL_ENABLE
            value: "{{ .Values.email.enabled }}"
          - name: EMAIL_FROM
            value: "{{ .Values.email.from }}"
          - name: EMAIL_HOST
            value: "{{ .Values.email.host }}"
          - name: EMAIL_PORT
            value: "{{ .Values.email.port }}"
          - name: EMAIL_USERNAME
            value: "{{ .Values.email.user }}"
          - name: EMAIL_PASSWORD
            value: "{{ .Values.email.password }}"

          # ----------- LLM ----------------
          - name: OPENAI_API_KEY
            value: "{{ .Values.config.llm.openai }}"
          - name: ANTHROPIC_API_KEY
            value: "{{ .Values.config.llm.anthropic }}"

          # ----------- CRYPTO ----------------
          - name: CRYPTO_KEY
            valueFrom:
              secretKeyRef:
                name: "{{include "sebastian.fullname" .}}-secrets"
                key: CRYPTR_KEY
          - name: SALT_BYTES
            value: "{{ .Values.crypto.salt_bytes }}"
          - name: ITERATIONS
            value: "{{ .Values.crypto.iteration }}"
          - name: KEY_LENGTH
            value: "{{ .Values.crypto.key_length }}"
          - name: ALGORITHM
            value: "{{ .Values.crypto.algorithm }}"
          - name: ALGA_AUTH_KEY
            value: "{{ .Values.crypto.alga_auth_key }}"
          - name: SECRET_KEY
            value: "{{ .Values.crypto.secret_key }}"
            
          # ----------- TOKEN ----------------
          - name: TOKEN_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: "{{include "sebastian.fullname" .}}-secrets"
                key: TOKEN_SECRET_KEY
          - name: TOKEN_EXPIRE  
            value: "{{ .Values.token.expire }}"

          # ----------- AUTH ----------------
          - name: NEXTAUTH_URL
            value: "https://{{ .Values.host }}"
          - name: NEXTAUTH_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{include "sebastian.fullname" .}}-secrets"
                key: NEXTAUTH_SECRET
          - name: NEXTAUTH_SESSION_EXPIRES
            value: "{{ .Values.auth.nextauth_session_expires }}"

          # ----------- GOOGLE AUTH ----------------
          {{- if .Values.google_auth.enabled }}
          - name: GOOGLE_OAUTH_CLIENT_ID
            value: "{{ .Values.google_auth.client_id }}"
          - name: GOOGLE_OAUTH_CLIENT_SECRET
            value: "{{ .Values.google_auth.client_secret }}"
          {{- end }}
         {{- if .Values.server.persistence.enabled }}
          volumeMounts:
            - name: storage-volume
              mountPath: {{ .Values.server.persistence.mountPath }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.server.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}