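# Deployment for the findings-ledger service (Helm template).
# Values consumed: replicaCount, image.*, service.*, observability.*, merkle.*,
# attachments.*, authority.*, airgap.*, features.*, secrets.name, probes.*,
# resources, podSecurityContext, securityContext, extraEnv, extraEnvFrom,
# nodeSelector, affinity, tolerations.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "findings-ledger.fullname" . }}
  labels:
    {{- include "findings-ledger.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "findings-ledger.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        # Hash of the rendered ConfigMap so a config change triggers a rollout.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      labels:
        {{- include "findings-ledger.selectorLabels" . | nindent 8 }}
    spec:
      serviceAccountName: {{ include "findings-ledger.serviceAccountName" . }}
      # Pod-level security context comes entirely from values; review
      # .Values.podSecurityContext for runAsNonRoot/fsGroup/seccomp settings.
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: ledger
          # Container-level security context also comes from values.
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          # Fall back to the chart appVersion when image.tag is unset; an empty
          # tag would otherwise render "repo:" which the kubelet rejects.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
            {{- if .Values.observability.metricsEnabled }}
            - name: metrics
              containerPort: {{ .Values.service.metricsPort }}
              protocol: TCP
            {{- end }}
          env:
            - name: ASPNETCORE_URLS
              value: "http://0.0.0.0:{{ .Values.service.port }}"
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            # Database
            # The helper is expected to emit the value:/valueFrom: lines for this
            # entry at indent 14 — verify against _helpers.tpl.
            - name: LEDGER__DB__CONNECTIONSTRING
              {{- include "findings-ledger.databaseConnectionString" . | nindent 14 }}
            # Observability
            - name: LEDGER__OBSERVABILITY__ENABLED
              value: {{ .Values.observability.enabled | quote }}
            - name: LEDGER__OBSERVABILITY__OTLPENDPOINT
              value: {{ .Values.observability.otlpEndpoint | quote }}
            # Merkle anchoring
            - name: LEDGER__MERKLE__ANCHORINTERVAL
              value: {{ .Values.merkle.anchorInterval | quote }}
            - name: LEDGER__MERKLE__EXTERNALIZE
              value: {{ .Values.merkle.externalize | quote }}
            # Attachments
            - name: LEDGER__ATTACHMENTS__MAXSIZEBYTES
              value: {{ .Values.attachments.maxSizeBytes | quote }}
            - name: LEDGER__ATTACHMENTS__ALLOWEGRESS
              value: {{ .Values.attachments.allowEgress | quote }}
            # The attachment encryption key is never inlined; it is read from the
            # Secret named by .Values.secrets.name.
            - name: LEDGER__ATTACHMENTS__ENCRYPTIONKEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.name }}
                  key: LEDGER__ATTACHMENTS__ENCRYPTIONKEY
            # Authority
            - name: LEDGER__AUTHORITY__BASEURL
              value: {{ .Values.authority.baseUrl | quote }}
            # Air-gap thresholds
            - name: LEDGER__AIRGAP__ADVISORYSTALETHRESHOLD
              value: {{ .Values.airgap.advisoryStaleThreshold | quote }}
            - name: LEDGER__AIRGAP__VEXSTALETHRESHOLD
              value: {{ .Values.airgap.vexStaleThreshold | quote }}
            - name: LEDGER__AIRGAP__POLICYSTALETHRESHOLD
              value: {{ .Values.airgap.policyStaleThreshold | quote }}
            # Features
            - name: LEDGER__FEATURES__ENABLEATTACHMENTS
              value: {{ .Values.features.enableAttachments | quote }}
            - name: LEDGER__FEATURES__ENABLEAUDITLOG
              value: {{ .Values.features.enableAuditLog | quote }}
            {{- with .Values.extraEnv }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- with .Values.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          readinessProbe:
            httpGet:
              path: {{ .Values.probes.readiness.path }}
              port: http
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
          livenessProbe:
            httpGet:
              path: {{ .Values.probes.liveness.path }}
              port: http
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: data
              mountPath: /app/data
      # Both volumes are emptyDir: contents under /app/data do not survive a pod
      # restart. Confirm that is intended for ledger data, or back it with a PVC.
      volumes:
        - name: tmp
          emptyDir: {}
        - name: data
          emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}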