apiVersion: apps/v1 kind: Deployment metadata: labels: {{ include "..labels" . | nindent 4 }} name: {{ include "..fullname" . }} spec: replicas: 1 selector: matchLabels: {{ include "..selector-labels" . | nindent 6 }} template: metadata: labels: {{ include "..selector-labels" . | nindent 8 }} spec: containers: - name: umbraco envFrom: {{- range $sec := .Values.secrets }} {{- if eq $sec.type "env"}} - secretRef: name: {{ $sec.name }} {{- end }} {{- end }} {{- range $esec := .Values.externalSecrets }} {{- if eq $esec.type "env"}} - secretRef: name: {{ $esec.ref.target }} {{- end }} {{- end }} {{- range $cfgm := .Values.configMaps }} {{- if eq $cfgm.type "env"}} - configMapRef: name: {{ $cfgm.name }} {{- end }} {{- end }} image: {{ .Values.site.image }} imagePullPolicy: Always imagePullSecrets: {{ range $secret := .Values.secrets }} {{- if eq $secret.type "docker" }} - name: {{ $secret.name }} {{- end }} {{- end }} {{- range $esecret := .Values.externalSecrets }} {{- if eq $esecret.type "docker" }} - name: {{ $esecret.ref.target }} {{- end }} {{- end }} ports: - containerPort: 8123 name: http protocol: TCP resources: limits: cpu: {{ .Values.site.resources.cpu.peak | default "1000m" }} memory: {{ .Values.site.resources.mem.peak | default "512Mi" }} requests: cpu: {{ .Values.site.resources.cpu.min | default "100m" }} memory: {{ .Values.site.resources.mem.min | default "256Mi" }} securityContext: allowPrivilegeEscalation: false runAsUser: 0 dnsPolicy: ClusterFirst restartPolicy: Always