apiVersion: apps/v1 kind: Certificate metadata: name: {{ include "..fullname" . }}-cert labels: {{- include "..labels" . | nindent 8 }} cloudyne.systems/component: site spec: {{- if and .Values.customer .Values.customer.package }} replicas: {{ .Values.customer.package.replicas | default 1 }} {{- end }} selector: matchLabels: cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/site: {{ .Values.site.url }} template: metadata: labels: cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/site: {{ .Values.site.url }} spec: securityContext: fsGroup: 65534 volumes: - name: cloud persistentVolumeClaim: claimName: pvc-{{ include "..fullname" . }} - name: local emptyDir: {} initContainers: - name: deploy securityContext: allowPrivilegeEscalation: false runAsUser: 0 {{- if .Values.global }} image: {{ .Values.global.initImage }}:{{ .Values.global.imagetag }} {{- else }} image: ghcr.io/cloudynes/php-init:latest {{- end }} imagePullPolicy: Always command: [ "bash", "/init-py/init.sh" ] volumeMounts: - name: site mountPath: /app {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} {{- range $v := .Values.site.storage.cloud.folders }} - name: cloud mountPath: {{ $v.localPath }} subPath: {{ $v.cloudPath }} {{- end }} {{- end }} envFrom: - configMapRef: name: {{ include "..fullname" . }}-env - secretRef: name: {{ include "..fullname" . }}-db-auth containers: - name: wordpress securityContext: runAsUser: 65534