fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml

127 lines
4.8 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "agentkit.fullname" . }}
labels:
{{- include "agentkit.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "agentkit.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "agentkit.selectorLabels" . | nindent 8 }}
annotations:
# ConfigMap 变更触发 rollout
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
serviceAccountName: {{ include "agentkit.serviceAccountName" . }}
{{- with .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ . }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: agentkit
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
args:
- serve
- --host
- 0.0.0.0
- --port
- {{ .Values.service.apiPort | quote }}
ports:
- name: api
containerPort: {{ .Values.service.apiPort }}
protocol: TCP
- name: gui
containerPort: {{ .Values.service.guiPort }}
protocol: TCP
env:
# --- 密钥从统一 Secret 注入Sealed Secret / External Secret 渲染)---
- name: JWT_SIGNING_KEY
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.jwtSigningKey.key }}
- name: API_KEY
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.apiKey.key }}
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.dbCredentials.key }}
- name: IDP_SIGNING_CERTS
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.idpSigningCerts.key }}
- name: THIRD_PARTY_API_KEYS
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.thirdPartyApiKeys.key }}
- name: MTLS_CLIENT_CERT
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.mtlsClientCert.key }}
- name: KMS_HSM_PIN
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.kmsHsmPin.key }}
- name: OTEL_EXPORTER_OTLP_HEADERS
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.otelExporterToken.key }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.redisPassword.key }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "agentkit.secretName" . }}
key: {{ .Values.secrets.postgresPassword.key }}
# --- 非密配置OTel endpoint、service name---
{{- if .Values.otel.enabled }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
{{- end }}
envFrom:
# agentkit.yaml 从 ConfigMap 注入(通过 AGENTKIT_CONFIG 环境变量指向挂载路径)
- configMapRef:
name: {{ include "agentkit.fullname" . }}
volumeMounts:
- name: config
mountPath: /etc/agentkit
readOnly: true
- name: tmp
mountPath: /tmp
resources:
{{- toYaml .Values.resources | nindent 12 }}
livenessProbe:
{{- toYaml .Values.probes.liveness | nindent 12 }}
readinessProbe:
{{- toYaml .Values.probes.readiness | nindent 12 }}
volumes:
- name: config
configMap:
name: {{ include "agentkit.fullname" . }}
- name: tmp
emptyDir: {}