apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gohoarder.fullname" . }}-frontend labels: {{- include "gohoarder.frontend.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount.frontend }} {{- end }} selector: matchLabels: {{- include "gohoarder.frontend.selectorLabels" . | nindent 6 }} template: metadata: annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "gohoarder.frontend.selectorLabels" . | nindent 8 }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "gohoarder.serviceAccountName" . }} securityContext: fsGroup: 101 runAsNonRoot: true runAsUser: 101 initContainers: - name: copy-static-files image: "{{ .Values.image.frontend.repository }}:{{ .Values.image.frontend.tag | default .Chart.AppVersion }}" command: ['sh', '-c'] args: - | # Copy built frontend files to writable volume cp -rp /usr/share/nginx/html/* /html/ # Copy nginx config to writable volume cp -rp /etc/nginx/conf.d/* /conf/ volumeMounts: - name: nginx-html mountPath: /html - name: nginx-conf mountPath: /conf securityContext: runAsUser: 101 allowPrivilegeEscalation: false capabilities: drop: - ALL containers: - name: frontend securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsUser: 101 image: "{{ .Values.image.frontend.repository }}:{{ .Values.image.frontend.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.frontend.pullPolicy }} ports: - name: http containerPort: 80 protocol: TCP env: - name: API_BASE_URL value: {{ .Values.frontend.backendUrl | default "/api" | quote }} - name: APP_VERSION value: {{ .Chart.AppVersion | quote }} - name: APP_NAME value: "GoHoarder" # Backend proxy configuration (frontend now includes reverse proxy) - name: BACKEND_HOST value: {{ include "gohoarder.fullname" . }}-server - name: BACKEND_PORT value: {{ .Values.server.service.port | quote }} - name: SERVER_NAME value: {{ .Values.frontend.serverName | default "_" | quote }} {{- with .Values.frontend.env }} {{- toYaml . | nindent 8 }} {{- end }} livenessProbe: {{- toYaml .Values.frontend.livenessProbe | nindent 12 }} readinessProbe: {{- toYaml .Values.frontend.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.frontend.resources | nindent 12 }} volumeMounts: - name: tmp mountPath: /tmp - name: nginx-cache mountPath: /var/cache/nginx - name: nginx-run mountPath: /var/run - name: nginx-html mountPath: /usr/share/nginx/html - name: nginx-conf mountPath: /etc/nginx/conf.d volumes: - name: tmp emptyDir: {} - name: nginx-cache emptyDir: {} - name: nginx-run emptyDir: {} - name: nginx-html emptyDir: {} - name: nginx-conf emptyDir: {} {{- with .Values.frontend.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.frontend.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.frontend.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}