apiVersion: extensions/v1beta1 kind: Deployment metadata: name: {{ .Values.name }} namespace: {{ .Release.Namespace }} labels: app: {{ .Values.name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} {{- if .Values.caddyingresscontroller.deployment.labels }} {{ toYaml .Values.caddyingresscontroller.deployment.labels | indent 4 }} {{- end }} spec: replicas: 1 revisionHistoryLimit: 2 selector: matchLabels: app: {{ .Values.name }} release: {{ .Release.Name | quote }} template: metadata: labels: app: {{ .Values.name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} {{- if .Values.caddyingresscontroller.deployment.labels }} {{ toYaml .Values.caddyingresscontroller.deployment.labels | indent 8 }} {{- end }} spec: serviceAccountName: {{ .Values.serviceAccountName }} containers: - name: {{ .Values.name }} image: "{{ .Values.caddyingresscontroller.image.name }}:{{ .Values.caddyingresscontroller.image.tag }}" imagePullPolicy: {{ .Values.caddyingresscontroller.image.pullPolicy }} securityContext: allowPrivilegeEscalation: true capabilities: drop: - ALL add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 0 runAsGroup: 0 ports: - name: http containerPort: 80 {{- if .Values.minikube }} hostPort: 80 # optional, required if running in minikube {{- end }} - name: https containerPort: 443 {{- if .Values.minikube }} hostPort: 443 # optional, required if running in minikube {{- end }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace args: {{- if .Values.autotls }} - -tls - -email={{ .Values.email }} {{- end }}